Page MenuHomeDevCentral
Differential D1486

Create individual PHP session directories per php-fpm user
ClosedPublic
Actions

Authored by dereckson on Mar 23 2018, 19:25.
Tags
None
Referenced Files
F6804436: D1486.id3804.diff
Fri, Apr 11, 09:38
F6799360: D1486.id3805.diff
Fri, Apr 11, 01:02
Unknown Object (File)
Fri, Apr 4, 04:02
Unknown Object (File)
Tue, Apr 1, 17:39
Unknown Object (File)
Tue, Apr 1, 04:00
Unknown Object (File)
Mon, Mar 31, 06:17
Unknown Object (File)
Sun, Mar 30, 21:30
Unknown Object (File)
Sun, Mar 30, 09:54
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T417: Don't flood /tmp with variable files in top directory on Ysul
Commits
rOPS88ad7d6558ab: Create individual PHP session directories per php-fpm user
Summary

To improve security for applications not using a custom session
handler, it's better to isolate sessions in a directory only
readable by the current php-fpm pool username.

As such, a security issue with one site allowing to browse files
won't allow to hijack sessions on a site served by another php-fpm pool.

Meanwhile, we reset to the default value in php.ini to allow quick tests
with php -S internal server on development servers.

Ref T417.

Test Plan

Test with www.dereckson.be

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
php-individual-session-dirs (branched from master)
Build Status
Buildable 2342
Build 2590: arc lint + arc unit

Event Timeline

dereckson requested review of this revision.Mar 23 2018, 19:25
dereckson created this revision.
Harbormaster completed remote builds in B2342: Diff 3804.Mar 23 2018, 19:25
dereckson updated this revision to Diff 3805.Mar 23 2018, 20:36

fqdn

Harbormaster completed remote builds in B2343: Diff 3805.Mar 23 2018, 20:36
dereckson resigned from this revision.Mar 23 2018, 20:37
dereckson accepted this revision.
This revision is now accepted and ready to land.Mar 23 2018, 20:37
Closed by commit rOPS88ad7d6558ab: Create individual PHP session directories per php-fpm user (authored by dereckson). · Explain WhyMar 23 2018, 20:37
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
roles/
webserver-legacy/
php-sites/
files/
3 lines
4 lines
9 lines

Diff 3804

View Options

roles/webserver-legacy/php-sites/files/php-fpm-pool.conf

Loading...
View Options

roles/webserver-legacy/php-sites/files/php.ini

Loading...
View Options

roles/webserver-legacy/php-sites/php.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator