
SECURITY: prevent a DoS attack by disabling HTTP access to tools/ scripts.

This commit is contained in:
czaks 2014-09-21 00:56:00 +02:00
parent c5c356e077
commit 5f7e62142c
4 changed files with 1 additions and 68 deletions


@ -13,7 +13,7 @@ error_reporting(E_ALL);
set_time_limit(0); set_time_limit(0);
$shell_path = getcwd(); $shell_path = getcwd();
if (isset ($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $_SERVER['REMOTE_ADDR'] != '::1') { if (php_sapi_name() != 'cli') {
die("This script is executable only from Command Line Interface."); die("This script is executable only from Command Line Interface.");
} }
@ -48,59 +48,4 @@ $mod = Array(
'boards' => Array('*') 'boards' => Array('*')
); );
function get_httpd_privileges() {
global $config, $shell_path, $argv;
if(php_sapi_name() != 'cli')
die("get_httpd_privileges(): invoked from HTTP client.\n");
echo "Dropping priviledges...\n";
if(!is_writable('.'))
die("get_httpd_privileges(): web directory is not writable\n");
$filename = '.' . md5(rand()) . '.php';
$inc_filename = '.' . md5(rand()) . '.php';
echo "Copying rebuilder to web directory...\n";
// replace "/inc/cli.php" with its new filename
passthru("cat " . escapeshellarg($shell_path . '/' . $_SERVER['PHP_SELF']) . " | sed \"s/'\/inc\/cli\.php'/'\/{$inc_filename}'/\" > {$filename}");
$inc_header = "<?php\n";
// copy environment
$env = explode("\n", shell_exec('printenv | grep ^TINYBOARD'));
foreach($env as $line) {
if(!empty($line))
$inc_header .= "putenv('" . addslashes($line) . "');\n";
}
// copy command line arguments
$inc_header .= "\$argv = " . var_export($argv, true) . ";\n";
// copy this file
file_put_contents($inc_filename, $inc_header . substr($inc = file_get_contents(__FILE__), strpos($inc, "\n")));
chmod($filename, 0666);
chmod($inc_filename, 0666);
if(preg_match('/^https?:\/\//', $config['root'])) {
$url = $config['root'] . $filename;
} elseif($host = getenv('TINYBOARD_HOST')) {
$url = 'http://' . $host . $config['root'] . $filename;
} else {
// assume localhost
$url = 'http://localhost' . $config['root'] . $filename;
}
echo "Downloading $url\n";
passthru('curl -s -N ' . escapeshellarg($url));
unlink($filename);
unlink($inc_filename);
exit(0);
}
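Review bot: The replacement guard in the first hunk, `php_sapi_name() != 'cli'`, uses a loose comparison and exits with status 0 on the HTTP path because `die()` with a string message reports success; `if (PHP_SAPI !== 'cli') {` followed by `http_response_code(403);` before the existing `die(...)` makes the refusal strict and visible to both a web client and any monitoring. The guard only protects a tools/ script that `require`s inc/cli.php before doing any work, as the three other file sections in this commit do, so a web-server deny rule for tools/ (or placing the directory outside the document root) is still needed as defence in depth for any script that does not. The removed `get_httpd_privileges()` copied the running script into the web root with mode 0666 and fetched it over HTTP, so its deletion is the substantive fix; a short comment above the new check, `// tools/ scripts must never run under a web SAPI; see get_httpd_privileges() removal`, would record why. The first hunk is top-level code in the file, not inside a function.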


@ -21,10 +21,6 @@
require dirname(__FILE__) . '/inc/cli.php'; require dirname(__FILE__) . '/inc/cli.php';
if(!is_writable($config['file_script'])) {
get_httpd_privileges();
}
$start = microtime(true); $start = microtime(true);
// parse command line // parse command line


@ -4,10 +4,6 @@
require dirname(__FILE__) . '/inc/cli.php'; require dirname(__FILE__) . '/inc/cli.php';
if(!is_writable($config['file_script'])) {
get_httpd_privileges();
}
if (!isset ($argv[1])) { if (!isset ($argv[1])) {
die("Usage: tools/recount-bumps.php board_uri\n"); die("Usage: tools/recount-bumps.php board_uri\n");
} }


@ -2,10 +2,6 @@
<?php <?php
require dirname(__FILE__) . '/inc/cli.php'; require dirname(__FILE__) . '/inc/cli.php';
if(!is_writable($config['file_script'])) {
get_httpd_privileges();
}
$variants = [["hour", 3600], ["day", 3600*24], ["3 days", 3600*24*3], $variants = [["hour", 3600], ["day", 3600*24], ["3 days", 3600*24*3],
["week", 3600*24*7], ["month", 3600*24*7*30]]; ["week", 3600*24*7], ["month", 3600*24*7*30]];