linux
Max, 2019-03-24 03:11:18

How to hide PHP code on the server, provided that it needs to be edited?

Good afternoon!
There are PHP scripts, classes, configs. All this goodness is interconnected, I need to give access to the server to a person so that he works (runs as root) with these scripts, while changing only the config files, and so that it is not possible to view the source code.
I found various free obsfukators that turn the code into something like this

<?php include(base64_decode('Li4vY29uZmlnLnBocA=='));include(base64_decode('cHJpdmF0ZS92ZW5kb3IvYXV0b2xvYWQucGhw'));$krc_5bf7f45b=[];foreach($bhi_6f9322e1 as $xol_e8b7be43){$xol_e8b7be43=explode(base64_decode('Og=='),$xol_e8b7be43);try{$uic_c59361f8=new \xee_d9cb1642\cko_659fc60();$uic_c59361f8->ldc_aa08cb10($xol_e8b7be43[0],$xol_e8b7be43[1]);$krc_5bf7f45b[]=$uic_c59361f8;}catch(Exception $wky_efda7a5a)

1. What if the config files contain variable names, and it turns out that after the main working code is obfuscated, the variables have different names? Not to force the user to run the corrected config through obfuscation every time? So far this seems to be the only option.
2. Is it possible, inside the server under Ubuntu, to somehow restrict the ability to copy, view or download certain files, or use some other method of protection/hiding, while still keeping the ability to run this code? There was an idea to hide the code somewhere deep in the folders of the file system, naming it with random names, and run it somehow through symlinks by file name or something like that. Is that possible?
3. The other option is not to provide root access to the server at all, but to launch through a browser and give access only to FTP to upload the config to a separate folder. But there are a number of issues here: all scripts run for up to a week and must be executed as root. How to solve it?

5 answer(s)
Marat Yuldashev, 2019-03-24
@mcconfig

Right now I'll offer an option without specifics, but you should catch the essence. Firstly, if you need to edit configs, you don't have to give access to the server: you can make these configs editable through some kind of web interface. As for launching applications, you can do the same with a couple of buttons, giving the web server the appropriate rights. Why give root access?

Sowander, 2019-03-24
@Sowander

You can't hide anything from root.
1. Give the client a different user.
2. Write a new script that responds to the user's actions and creates a file in the system.
3. In the main script, add a condition that checks for the existence of the file and deletes it when the script succeeds/fails.
4. Set the main script to run from cron every minute as root.

rPman, 2019-03-24
@rPman

Unfortunately, in the general case, if you need to run scripts as root, then a malicious programmer can insert his own code into the configuration files, which will scan the computer for other files and copy them for study into a directory he has access to (or send them over the network).
If the application being launched can work without network access, then you can launch it in a controlled environment (a virtual machine or an lxc/docker container), let it do whatever it wants, and after the work is completed pick up the expected result and roll back the changes.
PS: there is a way, if all the project files you want to hide are not stored on the computer at all but are loaded via pipes or stdin redirects from another machine (via ssh, for example); all interpreters allow you to do this using command line switches... This will not provide absolute protection, but it will greatly complicate the life of an attacker, since he will need to analyze memory dumps to study the code.
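The two answers above fit together: Sowander's trigger-file scheme keeps the private scripts readable only by root, and rPman's warning is that a config file which root merely sources is itself arbitrary code. The following added example (not code from the thread or from any of the posters) is a POSIX sh runner for root's crontab that implements Sowander's steps 2 to 4 and reads the client's config as plain key=value data, accepting only known keys and a conservative character set, so that a line such as `region=$(cat /opt/job/main.php)` is rejected instead of executed. The paths, the key names and the result file are assumptions; the real job would be invoked where the comment says so.

```shell
#!/bin/sh
# Added example: root-owned job runner driven by a trigger file dropped by the
# unprivileged client user. Paths are assumptions and can be overridden.
JOB_HOME="${JOB_HOME:-/opt/job}"            # root:root 0700: holds the private scripts
DROP_DIR="${DROP_DIR:-/var/lib/job/drop}"   # writable by the client user only

# Parse KEY=VALUE lines into CFG_* variables. Unknown keys, lines without '=',
# and values outside [A-Za-z0-9._-] are rejected, so nothing in the file can
# reach a shell or a command line unvalidated.
load_config() {
    cfg="$1"
    CFG_REGION=""; CFG_RETRIES=""            # reset so stale values never leak between runs
    [ -f "$cfg" ] || { echo "no config at $cfg" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;              # blank line or comment
            *=*) ;;
            *) echo "malformed line: $line" >&2; return 1 ;;
        esac
        key="${line%%=*}"
        value="${line#*=}"
        case "$value" in
            *[!A-Za-z0-9._-]*) echo "bad value for $key" >&2; return 1 ;;
        esac
        case "$key" in
            region)  CFG_REGION="$value" ;;
            retries) CFG_RETRIES="$value" ;;
            *)       echo "unknown key: $key" >&2; return 1 ;;
        esac
    done < "$cfg"
    return 0
}

# Run the private job if the client has dropped a trigger. The trigger is removed
# before the job starts, whether it later succeeds or fails, so one drop means
# at most one run. Intended root crontab line (assumed path):
#   * * * * * /opt/job/runner.sh --cron >>/var/log/job-runner.log 2>&1
process_trigger() {
    trigger="$DROP_DIR/run.trigger"
    result="$DROP_DIR/result.txt"
    [ -f "$trigger" ] || return 0             # nothing to do this minute
    rm -f "$trigger"
    if load_config "$DROP_DIR/job.conf"; then
        # The real work would go here, with the validated values as arguments, e.g.
        #   php "$JOB_HOME/main.php" "$CFG_REGION" "$CFG_RETRIES"
        # This example only records what would have been passed.
        printf 'ok region=%s retries=%s\n' "$CFG_REGION" "$CFG_RETRIES" > "$result"
        return 0
    else
        printf 'rejected\n' > "$result"
        return 1
    fi
}

# Only dispatch when run from cron; sourcing the file just defines the functions.
if [ "${1:-}" = "--cron" ]; then process_trigger; fi
```

The client user needs write access to the drop directory and nothing else; the scripts under the job home stay mode 0700 and owned by root. Because the job reads the config through `load_config` rather than `. job.conf`, the client can change parameters but cannot make root execute anything, which is the gap rPman describes.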

hewlett-pacific, 2019-03-24
@hewlett-pacific

Frameworks provide mechanisms for relatively safe impersonation, but in raw PHP you have to resort to hacks. The idea is this:
1) Create a bash script in which privileges are granted through sudo.
2) Run the bash script with exec().
3) Do what needs to be done.
4) Revoke the privileges.
In general, impersonation of this kind raises a lot of security issues, especially in PHP. Maybe it's better to look towards daemons?
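The security issues this answer mentions mostly come from the sudo rule being wider than the one job it was meant to allow. As an added example (not the poster's code), here is the shape of the wrapper that step 1 would hand to sudo, written so that the web user's sudo right can start only a few named jobs as root, with a clean environment. The job directory, the job names, the `www-data` user and the `/usr/local/sbin/run-job` path are assumptions.

```shell
#!/bin/sh
# Added example: the single script that sudo is allowed to run for the web user.
# Assumed sudoers line (edit with visudo):
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/run-job
# and the call from PHP:
#   exec('sudo -n /usr/local/sbin/run-job nightly-report', $out, $rc);
# sudoers permits any arguments for a command listed without an argument spec,
# so it is this wrapper, not sudoers, that decides what may run.
JOB_DIR="${JOB_DIR:-/opt/jobs}"   # root:root 0700; the job scripts are not readable by www-data

# Map a requested job name to a script path, or fail. Only names from this fixed
# list are accepted, so path separators, globs or shell metacharacters in the
# request never reach the filesystem or a shell.
resolve_job() {
    case "$1" in
        nightly-report) echo "$JOB_DIR/nightly-report.sh" ;;
        rebuild-index)  echo "$JOB_DIR/rebuild-index.sh" ;;
        *)              return 1 ;;
    esac
}

# Run the job under a minimal environment so that variables inherited from the
# web process (PATH, LD_PRELOAD, PHP-related settings) do not shape the root process.
run_job() {
    script=$(resolve_job "$1") || { echo "refused: $1" >&2; return 2; }
    [ -f "$script" ] || { echo "missing: $script" >&2; return 3; }
    env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin HOME=/root /bin/sh "$script"
}

# Dispatch only when installed and invoked as run-job; sourcing the file for
# testing just defines the functions.
case "$(basename -- "$0")" in
    run-job) run_job "${1:-}"; exit $? ;;
esac
```

Keeping the allow list inside the wrapper also answers the question's worry about hiding the code: `www-data` can name a job but cannot read, list or alter the scripts under the job directory, and the sudo rule never becomes a general way to run commands as root.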

metajiji, 2019-03-24
@metajiji

Here are the options, to taste and according to your capabilities and degree of paranoia:
SELinux / AppArmor
Docker / lxc / systemd-nspawn
KVM / VirtualBox / etc.
chroot / cgroups / chroot + cgroups
Also, do not forget about simple things like open_basedir.
From experience, I'll say that wrapping it in a container is now trivially easy; the same systemd is everywhere.
If you are afraid of containers, make a chroot and, to be sure, put cgroups on top (you get roughly the same as a container), and of course there is always KVM, but that is overkill, though simple and reliable.
