Question about LibCURL and security

Status
Not open for further replies.

pgosse

Programmer
Joined
Sep 26, 2001
Messages
42
Location
CA
Hi all. I'm wondering about any security issues which might arise from using LibCURL to move files around on a server, and indeed the feasibility of achieving my goal.

I've got two sites which are located thusly on the same server:

/u0/vservers/cms.mysite.com/html/gateway/
/u0/vservers/
The first is a content management system, the other the live site.

What I'd like to accomplish is to allow people to upload image and document files into the CMS, and then use something similar to the following (which I found in an article on to transfer files from the cms to the live site.

The code might look like this (I've just modified the code from the article):

Code:
<?php
// FTP this script to a server
$file = '/u0/vservers/cms.mysite.com/_images/image_file.jpg';
$fp = fopen($file, 'r');  // open the local file to upload
$url = 'ftp://username:password@mydomain.com:21/u0/vservers/www.mysite.com/_images/image_file.jpg';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_UPLOAD, 1);            // upload rather than download
curl_setopt($ch, CURLOPT_INFILE, $fp);          // stream the upload from this handle
curl_setopt($ch, CURLOPT_FTPASCII, 0);          // binary transfer
curl_setopt($ch, CURLOPT_INFILESIZE, filesize($file));
$result = curl_exec($ch);
curl_close($ch);
fclose($fp);  // release the local file handle
?>

I will also need to change things such that this uses ftps instead of plain ftp.

Can anyone identify any major security holes that might arise from implementing something like this?

I'd also be interested in any other ideas people might have as to ways to accomplish a secure file transfer between two separate sites on the same server.

One idea I was tossing around was writing a CGI that I would call using su_exec () and having that CGI move the files.

I'll also need to eventually implement code which will allow for the deletion of files from the live site, based on commands issued from the cms.

I greatly appreciate any feedback on this idea.

Thanks in advance,

Pablo
 
I thought about that, but for security reasons I want to have the directories which the files will be uploaded to on the cms, and the directories they will be copied to on the live site, as writeable only by a specific user, not the user nobody which Apache will be running as. The reason for this is that the environment in which I work has a pretty high level of security and my sysadmin won't be thrilled about opening up a specific directory to be writeable by anyone. I thought about changing ownership and write access for that folder to the nobody user, but then theoretically any process running as nobody could write to this directory and I need it such that only the CMS can do so.

Ideas?

My one thought in accomplishing this is to write a CGI script, which will be executed by libCurl, that accepts the following parameters:

- directory_name
- file_name(s)

which then uses mod_suexec in Apache to su to the specified user, executes the script, su's back to the nobody user and returns true or false to the php script.

Thoughts?

Thanks in advance,
Pablo
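
An added example, not part of the original thread or any poster's code: one way the helper script proposed above could validate `directory_name` and `file_name` before copying anything as the privileged user. The allow-listed directory names, the permitted extensions and the temporary demo tree are assumptions made for illustration.

```php
<?php
// Added example: parameter validation for a privileged copy helper.
// ALLOWED_DIRS, ALLOWED_EXT and the temp-dir layout are assumptions.
const ALLOWED_DIRS = ['_images', '_documents'];
const ALLOWED_EXT  = ['jpg', 'png', 'gif', 'pdf'];

/** Return [source, destination] paths, or throw if the request is unsafe. */
function resolve_transfer(string $cmsRoot, string $liveRoot, string $dir, string $file): array
{
    // directory_name must be one of a fixed set, never a free-form path.
    if (!in_array($dir, ALLOWED_DIRS, true)) {
        throw new InvalidArgumentException("directory not allowed: $dir");
    }
    // file_name must be a bare name: no separators, no leading dot, known extension.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/', $file)
        || !in_array(strtolower(pathinfo($file, PATHINFO_EXTENSION)), ALLOWED_EXT, true)) {
        throw new InvalidArgumentException("file name not allowed: $file");
    }
    // Resolve symlinks and confirm the source really lives under the CMS directory.
    $base = realpath("$cmsRoot/$dir");
    $src  = realpath("$cmsRoot/$dir/$file");
    if ($base === false || $src === false || !is_file($src)
        || strncmp($src, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("source missing or outside $dir: $file");
    }
    return [$src, "$liveRoot/$dir/$file"];
}

// Constructed demo tree standing in for the cms and live site directories.
$tmp = sys_get_temp_dir() . '/xfer_demo_' . getmypid();
foreach (['cms/_images', 'live/_images'] as $d) { mkdir("$tmp/$d", 0700, true); }
file_put_contents("$tmp/cms/_images/image_file.jpg", 'constructed sample bytes');
file_put_contents("$tmp/secret.jpg", 'outside the upload tree');
symlink("$tmp/secret.jpg", "$tmp/cms/_images/link.jpg");

// Constructed requests: one valid, then traversal, bad directory, symlink, bad type.
$requests = [['_images', 'image_file.jpg'], ['_images', '../../secret.jpg'],
             ['../live', 'image_file.jpg'], ['_images', 'link.jpg'], ['_images', 'shell.php']];
foreach ($requests as [$dir, $file]) {
    try {
        [$src, $dst] = resolve_transfer("$tmp/cms", "$tmp/live", $dir, $file);
        copy($src, $dst);
        echo "OK      $dir/$file\n";
    } catch (Exception $e) {
        echo "REJECT  " . $e->getMessage() . "\n";
    }
}
```

Only the first constructed request is copied; the other four are rejected before any file is read or written.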
 