I'm writing a collaborative project designed to allow code contributions from users. Users will be able to extend a class, add functionality etc, and submit the code back to the server for regular execution.
Is there a safe way to execute users' PHP code? A foolproof sanitizing method? What about infinite loops? Or should I offer a different scripting language?
Securing against users accessing or changing files can be done with safemode.
Securing against infinite loops require setting some amount of time the php interpreter gets to generate the site. set_time_limit
You also need to stop users communicating with outside servers to avoid it being used as a spam sender. allow_url_fopen
There are probably a lot of other more serious issues. This is no easy task.
JailRoot for the DocumentRoot
SafeMode ON to allow access to files only on specific directories
Use a per USER MPM to limit system
resources to the apache process
Set safe php.ini settings for memmory limit and max_execution_time
And as Saggi Malachi noted, this is very experimental, you have to monitor the actions on the server and have fallback szenarios, eg. cronjobs watching load average, if loadaverage is above threshold stop apache and sendmail.
Other good idea is to compile your own php und deny access to php functions which could be "exploited" by your users.
Maybe I could use server-side Javascript instead with SpiderMonkey
It sounds much safer!