[RFC] SFTP support

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
Post Reply
Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

[RFC] SFTP support

Post by Oleg »

This goes together with removing database storage of stylesheets and templates (viewtopic.php?f=84&t=33456) but it is an entirely standalone piece of functionality.

Some work was done on this earlier and needs to be salvaged:

https://github.com/phpbb/phpbb3/tree/fe ... xperiment/
https://github.com/phpbb/phpbb3/commit/ ... eb157723aa
https://github.com/phpbb/phpbb3/commit/ ... 71485e5eae
https://github.com/phpbb/phpbb3/commit/ ... 935e06be76

Proper description of this RFC also needs to be written.

User avatar
bantu
3.0 Release Manager
3.0 Release Manager
Posts: 557
Joined: Thu Sep 07, 2006 11:22 am
Location: Karlsruhe, Germany
Contact:

Re: [RFC] SFTP support

Post by bantu »

We should consider using a crypto library.

There is a PHP5 port of TerraFrost's phpseclib which is where the experimental phpBB code is also from: https://github.com/timmartin/phpseclib

XTF
Registered User
Posts: 49
Joined: Sun Dec 04, 2011 6:31 pm

Re: [RFC] SFTP support

Post by XTF »

(S)FTP access looks like an ugly work around. Why can't file permissions be set properly?

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Karlsruhe, Germany
Contact:

Re: [RFC] SFTP support

Post by naderman »

Proper file permissions do not allow the webserver to write to the files it executes.

XTF
Registered User
Posts: 49
Joined: Sun Dec 04, 2011 6:31 pm

Re: [RFC] SFTP support

Post by XTF »

naderman wrote:Proper file permissions do not allow the webserver to write to the files it executes.
Why not?

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [RFC] SFTP support

Post by Oleg »

Because then if you have a code execution hole in your application an attacker can overwrite your files, therefore they will be able to potentially serve their own pages to your site's users. An application which never executes code it has write access to will not permit an attacker to affect anyone but themselves.

In context of database-driven web applications, attackers who are able to run arbitrary code can frequently write appropriate code into the database such that users get payload in their markup anyway.

Where write protection is still effective is cross-application compromise (application X overwriting application Y's files). Generic exploits do not try to figure out what databases they might have access to via other applications, but they do try to write all files on the filesystem they can find.

XTF
Registered User
Posts: 49
Joined: Sun Dec 04, 2011 6:31 pm

Re: [RFC] SFTP support

Post by XTF »

Ah, like that. I read naderman's statement the wrong way.

Anyway, wouldn't SFTP support effectively give the webserver permission to write to the files it executes?

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [RFC] SFTP support

Post by Oleg »

If we don't store the password, not outside a single request. Even if we do store the password, other software on the same server won't be able to write to phpbb's tree (unless of course it retrieved password from the database).

The other reason to do SFTP is users whose hosting provider does not allow webserver to write to php tree (although I imagine this is a very small subset). For these users, and anyone else who uses FTP, SFTP would be preferable to FTP that we currently provide.

Moved to 3.2 for now.

Post Reply