Jump to content

Dynamically loading PHP extensions?

ThePsion5

By ThePsion5
in PHP

 Share

Recommended Posts

ThePsion5 Member

ThePsion5

Posted
Posted

Hi guys,At the moment I'm working on a computer to which I don't have administrative priviledges, which presents quite a few annoyances - the largest of which being that I can't restart the Apache server on it without restarting my computer, so this got me to wondering something. When using a server that you can't directly alter the configuration for (a web host, for example) and want to modify the PHP settings of said server to load additional modules (mySQL, GD, whatever else), I want to know if there's some way to load one of PHP's libraries dynamically. For example, if I write a script that uses the GD library on a server where PHP is not configured to run GD, could I somehow load it at script execution time? Perhaps using a statement similar to require_once(convoluted/path/to/gd.php) or something similar?

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

Ahh good call, I wasn't aware of that. I should have done a little more research, I was assuming that the PHP executable gets loaded when the server starts. It looks like you have to copy the .dll/.so file to your working directory though, and there may be a permission restricting loading those from a user's own directory, or restricting a user from loading them at all.Figures..

There is an exploit circulating currently which takes advantage of dl() to inject code into Apache which causes all requests to all virtual hosts to be redirected to a page of the attackers choice.All operators of shared web hosting servers with Apache and PHP should disable dl() by setting enable_dl to off otherwise your servers are vulnerable to this exploit.
Link to comment
Share on other sites
ThePsion5 Member

ThePsion5

Posted
  • Author
Posted

It seems like there could be an easy way around this, however. To make sure the exploit can't be used against you, simply do this:

function dl_safe($extension){  $set = false;  if(ini_set('enable_dl', true))  {	$set = dl($extension);	ini_set('enable_dl', false);  }  return $set;}

This way, there's no window for the attacker to use dl() against the server since it's only turned on long enough for the extension to be loaded.

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted
It seems like there could be an easy way around this, however. To make sure the exploit can't be used against you, simply do this:
function dl_safe($extension){  $set = false;  if(ini_set('enable_dl', true))  {	$set = dl($extension);	ini_set('enable_dl', false);  }  return $set;}

This way, there's no window for the attacker to use dl() against the server since it's only turned on long enough for the extension to be loaded.

That won't work, enable_dl cannot be set by the user.http://www.php.net/manual/en/ini.php#ini.list
PHP_INI_USER 1 Entry can be set in user scripts or in Windows registryPHP_INI_PERDIR 2 Entry can be set in php.ini, .htaccess or httpd.confPHP_INI_SYSTEM 4 Entry can be set in php.ini or httpd.confPHP_INI_ALL 7 Entry can be set anywhere
enable_dl is PHP_INI_SYSTEM
Yes I asked this.. So how exactly do you use this? (I wanted to load the gd library, since my host says he has it, it just must not be enabled).
There are examples on the reference page for dl on how to use it. The extension needs to be in the php extensions directory, and you need to know the filename.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...