Check for user_id and group_id maybe broken #10

Open
gittoar opened this issue Dec 28, 2015 · 1 comment

Comments


gittoar commented Dec 28, 2015

User-ID: 33
Group-ID: 33

Yes, it is lower than 100 and therefore an issue, but due to restrictions via PHP disable_functions the checks don't work via phpsecinfo.com, i.e. "Not Run: Functions required to retrieve group ID not available".

So the SecurityInfo does not check the return codes/info from phpsecinfo.com properly, or the implementation differs from phpsecinfo.com. This is confusing and should be corrected and better documented, at least for debugging purposes. Thanks.


dimejo commented Jan 21, 2025

I'm seeing this warning because PHP is running as UID and GID 48 (user apache).

```php
/**
 * the minimum "safe" UID that php should be executing as.  This can vary,
 * but in general 100 seems like a good min.
 *
 */
define('PHPSECINFO_MIN_SAFE_UID', 100);
```

I couldn't find any reference for why UIDs less than 100 (besides UID 0) are privileged and unsafe. UID 0-99 is reserved for system users and should not be used by applications according to LSB, but this doesn't automatically make them privileged and unsafe. Please change this test!
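
Added example, not part of the thread and not phpsecinfo or SecurityInfo code: a sketch of a UID/GID check that keeps "could not be determined" separate from "ran and was flagged", and reports ID 0 separately from the reserved 1-99 range. All function and constant names are hypothetical, and the severity assigned to each case is an assumption; the threshold 100 and the sample IDs 33 and 48 are the values quoted in the comments above.

```php
<?php
// Added example: hypothetical names, not the project's API.
const RESULT_OK      = 'ok';
const RESULT_NOTICE  = 'notice';
const RESULT_WARN    = 'warn';
const RESULT_NOT_RUN = 'not_run';

/** Return the effective ID, or null when the POSIX function cannot be called. */
function read_id(string $fn): ?int
{
    // function_exists() is false when ext/posix is not loaded and also when
    // the function is listed in disable_functions, so both cases map to null.
    return function_exists($fn) ? $fn() : null;
}

/** Map an ID (or null) to a [status, message] pair. */
function classify_id(?int $id, int $minSafe, string $label): array
{
    if ($id === null) {
        // No value was obtained: report that, never a pass or a warning.
        return [RESULT_NOT_RUN, "Functions required to retrieve $label not available"];
    }
    if ($id === 0) {
        return [RESULT_WARN, "$label is 0 (root)"];
    }
    if ($id < $minSafe) {
        // Assumption: the reserved system range is informational, not a failure.
        return [RESULT_NOTICE, "$label $id is below the configured minimum $minSafe"];
    }
    return [RESULT_OK, "$label is $id"];
}

$minSafe = 100; // threshold value quoted in the thread

// Live check against the current PHP process.
foreach (['posix_geteuid' => 'user ID', 'posix_getegid' => 'group ID'] as $fn => $label) {
    [$status, $message] = classify_id(read_id($fn), $minSafe, $label);
    printf("%-8s %s\n", $status, $message);
}

// Constructed inputs: null = functions disabled, 33 and 48 = IDs from the thread.
foreach ([null, 0, 33, 48, 1000] as $sample) {
    [$status, $message] = classify_id($sample, $minSafe, 'user ID');
    printf("%-8s %s\n", $status, $message);
}
```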
