Disabling PHP Functions with SUHOSIN and Optionally cPanel/WHM

If your server has SUHOSIN installed/enabled, regardless of whether you have cPanel/WHM or not, this should work for you. Disabling PHP functions using the 'disable_functions' section of your php.ini file won’t really work too well if you are using SUHOSIN. Instead, comment out the 'disable_functions' line and add the following underneath it:

suhosin.executor.func.blacklist = "show_source,shell_exec,passthru,exec,popen,allow_url_fopen,system"

Of course, your list of disabled functions may not be the same as the example above, so be sure to add or delete functions from the list to match what you want disabled. Once you are done, restart Apache and check your results with a phpinfo.php file. The following code inside a phpinfo.php file should do it:

<?php
phpinfo();
?>

Save the file and access it via your browser.

Search the page for the following value:

suhosin.executor.func.blacklist

The Local Value and Master Value should contain the following (as per the example in this case).

show_source,shell_exec,passthru,exec,popen,allow_url_fopen,system

Some plugins (cPanel or other) may still complain that these functions are not disabled. You can rest assured that they are disabled. If you simply want to please the software application (content management system etc.), you can still add the entries as desired using the 'disable_functions' section of your php.ini file, although they won’t actually have any effect, as the values are overridden by the suhosin line. In some cases, Apache may complain about both lines existing, in which case you may have to modify the software application to skip the check instead.

What about if I want to enable a feature for one particular domain?

If you want to enable or disable one or more features for one particular domain, a custom configuration can be set. On a standard server without cPanel/WHM, you would edit the vhost for the domain concerned. This may be in the main /etc/httpd/conf/httpd.conf file or in an include file, depending on your server’s configuration. The short of it is, you simply add the following line to the end of the vhost configuration for the particular domain:

php_admin_value suhosin.executor.func.blacklist 'show_source,popen,allow_url_fopen,system'

In the above example, I’ve allowed shell_exec and passthru by not specifying them in the blacklist. If you browse to your phpinfo.php file, you’ll notice the Local Value and Master Value are now different. The local value is the configuration for the domain concerned; the master value is the server-wide global configuration. Note: you need to be visiting the phpinfo.php file via the domain or dedicated IP address of the domain you are making the change for.

The process is exactly the same on servers with cPanel/WHM. The only difference is that editing /etc/httpd/conf/httpd.conf is discouraged, as future re-compiles of Apache and updates of cPanel/WHM can cause the changes to be lost. Instead, each vhost in the /etc/httpd/conf/httpd.conf file should have one or more of the following lines at the end of the vhost section:

Include "/usr/local/apache/conf/userdata/*.conf"
Include "/usr/local/apache/conf/userdata/*.owner-username"
Include "/usr/local/apache/conf/userdata/std/*.conf"
Include "/usr/local/apache/conf/userdata/std/*.owner-username"
Include "/usr/local/apache/conf/userdata/std/2/*.conf"
Include "/usr/local/apache/conf/userdata/std/2/*.owner-username"

Don’t worry if you don’t have all of the above lines, or they don’t look exactly the same. So long as you can see an include line pointing to a directory, that is all you need. Go to that directory (in this example I’m using Include "/usr/local/apache/conf/userdata/std/*.conf") and create a file called domainname.conf or username.conf (so long as it ends in .conf). Edit the file and place the following line in it:

php_admin_value suhosin.executor.func.blacklist 'show_source,popen,allow_url_fopen,system'

Save your file and restart Apache:

/etc/httpd/init.d/httpd restart

Browse to your phpinfo.php file and compare the Local Value against the Master Value. They should be different!
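
The Local Value versus Master Value comparison can also be run against the configuration text itself, which shows exactly which functions a per-domain override puts back in play. The following Python is an added example, not part of the original post; it assumes each override sits inside a <VirtualHost> block with a ServerName, and the address and hostname in the sample input are constructed.

```python
import re

KEY = "suhosin.executor.func.blacklist"
INI_DIRECTIVES = {"allow_url_fopen", "allow_url_include"}  # php.ini directives, not functions

# Constructed sample input: the php.ini line and vhost override shown in the text above.
PHP_INI = '''
;disable_functions =
suhosin.executor.func.blacklist = "show_source,shell_exec,passthru,exec,popen,allow_url_fopen,system"
'''
VHOSTS = '''
<VirtualHost 192.0.2.10:80>
    ServerName example.test
    php_admin_value suhosin.executor.func.blacklist 'show_source,popen,allow_url_fopen,system'
</VirtualHost>
'''

def parse_list(value):
    """Split a quoted, comma-separated function list into a set of names."""
    return {f.strip().lower() for f in value.strip().strip("'\"").split(",") if f.strip()}

def master_blacklist(ini_text):
    """Return the server-wide blacklist (the Master Value) from php.ini text."""
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == KEY:  # commented-out lines start with ';' and never match
            return parse_list(value)
    return set()

def vhost_overrides(apache_text):
    """Map ServerName -> blacklist for each vhost that overrides the Master Value."""
    found = {}
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", apache_text, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", block, re.M | re.I)
        value = re.search(r"^\s*php_admin_value\s+" + re.escape(KEY) + r"\s+(.+)$", block, re.M | re.I)
        if name and value:
            found[name.group(1)] = parse_list(value.group(1))
    return found

def audit(ini_text, apache_text):
    """Report, per overriding vhost, what the Local Value changes relative to the master."""
    master = master_blacklist(ini_text)
    return {host: {"re_enabled": sorted(master - local),
                   "newly_blocked": sorted(local - master),
                   "not_functions": sorted(local & INI_DIRECTIVES)}
            for host, local in vhost_overrides(apache_text).items()}

if __name__ == "__main__":
    print(audit(PHP_INI, VHOSTS))
```

On the sample input it reports exec, passthru and shell_exec as re-enabled for example.test, and flags allow_url_fopen as a php.ini directive rather than a function, so listing it in a function blacklist has no effect.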

If you have any feedback, troubles or would like some additional assistance, be sure to let me know in the comments.

How to Reset Endian Firewall Admin Password via SSH

I recently had the need to reset my Endian Firewall Admin ‘admin’ password via SSH/Console. I believe the reasoning for this was due to the following bug:

http://bugs.endian.it/bug_view_advanced_page.php?bug_id=1824

In case the bug does not apply to you, or you’re just too lazy to visit, here’s what you need to do.

1. Log in via SSH or locally at the console.

2. Type the following:
htpasswd -m /var/efw/auth/users admin

3. At the Password prompt, type in your new password, retype your password and you’re done!

4. Log in to the Endian Firewall Web Administration with your new password.

5. Fixed!

Why does this happen?

Well, the short of it (from the bug report) is that resetting the password with a password that contains the ‘$’ symbol or ‘%’ symbol, via the Web Administration interface, well, it breaks :-( There is a solution to the problem on the page at the link above if you’re into hacking files and things ;-) It’s actually quite simple.

Borderlands Third Person View

I recently purchased Borderlands through Valve’s Steam Store and was quickly confronted with a problem based on the reason I purchased the game in the first place. While I admit I hadn’t conducted additional research right up until buying the game, I had been under the impression that it was playable in third person view. Personally, first person view is fine. My girlfriend, however, prefers to play games in third person. I desperately wanted to play the game multi player and cooperative, so I set about looking for a way to get third person view working. After plenty of searching and looking about the internet, I stopped hacking the configuration files and realised something: Borderlands already has the ability to be played in third person! It’s just ‘turned off’ rather than disabled.

To enable the keyboard shortcut, edit this file:

~\Steam\SteamApps\common\borderlands\WillowGame\Config\DefaultInput.ini

Be sure to make a backup copy of this file first.

Look for these lines:

-Bindings=(Name="PageDown",Command="Camera ThirdPerson")

-Bindings=(Name="End",Command="Camera FirstPerson")

Edit the lines to look like these:

Bindings=(Name="PageDown",Command="Camera ThirdPerson")

Bindings=(Name="End",Command="Camera FirstPerson")

That’s right! Remove the ‘-’ sign from the beginning of each line; the ‘-’ is what disables the keyboard shortcut that enables third person view (if you read the top part of the configuration file, this will all make sense). Save your configuration file and relaunch the game. Once you are in the game, hit the ‘Page Down’ key on your keyboard and you will now be in Third Person View. To switch back to First Person View, hit the ‘End’ key on your keyboard.

Now for the catch. Oh yes, there’s a catch! As I mentioned above, this is all in the name of multi player, and that’s where this little trick falls down a little. If you want to use Third Person View in multi player, you might be out of luck. Like I said, it’s a catch. If the person who wants to use Third Person View hosts the game, that person will be able to enable the Third Person View on their computer. I haven’t tested this extensively, as there are only two of us playing multi player, but I did notice that only one of us was able to enable third person view, i.e., the host.

It is possible to edit the camera position of the third person view. You will need to edit the following file:

~\Steam\SteamApps\common\borderlands\WillowGame\Config\DefaultGame.ini

Be sure to make a backup copy of this file first.

There is a section of this configuration file called:

[WillowGame.WillowPawn]

You can edit the following values:

CameraScale=5.0
CameraScaleRight=2.0
CameraScaleUp=1.0

CameraScale: How close the camera is to your character. The higher the number, the greater the distance

CameraScaleRight: How much left or right the camera is offset from the middle of the character. Higher numbers move the camera further to the right; negative values are accepted and move the camera to the left.

CameraScaleUp: How far up the camera is offset from the middle of the character. Higher numbers move the camera further up. Don’t use too negative a number, or the camera will end up in the ground!

This forum link here has a number of example values and screen shots to give you an idea of how you can position the camera.

If you have any questions or additional information to add, please do leave your feedback in the comments!

MacOSX boot0: error on Intel iHackintosh

Recently I mucked up my primary partition containing MacOSX. Thankfully I had a system backup of it stored on another partition on the same disk (thanks Time Machine!). I was able to successfully restore the partition by booting with my installation disc (iAtkos S3 V2 10.6.3, but you could use any), but I could not start the operating system. I kept getting a ‘boot0: error’ message. After some searching, I discovered the possible reason for the error was due to my MacOSX partition no longer being marked ‘active’ or ‘bootable’.

I tried using various tools like gparted (which actually caused me more trouble than it was worth) and diskutil from the MacOSX terminal available via the installation disk. Nothing seemed to work.

For what it’s worth at this point, if you used gparted to try to set the boot flag, or modify the partition in any way, you may have to give up and re-install. I did this, and was not only unable to see my partition with the disk utility (it showed up as empty space), I could not do anything with it either. It just showed up empty and neither diskutil (via terminal) nor Disk Utility were able to use it. I eventually had to delete all partitions except for my data partition (leaving the rest as empty space) and go back to Disk Utility again. I was then able to create a new partition using Disk Utility and restore my Time Machine backup to it.

You can read more about ‘gparted troubles‘ here for a better understanding.

In the end, the following steps solved my problem. I restored my MacOSX partition one last time and rebooted. Same error. I then booted from my MacOSX installation disc and used the ‘repair disk’ option in the Disk Utility. I noticed in the Disk Utility that it actually noted that it corrected my MacOSX boot issue. When complete, I rebooted my system one last time and was finally greeted with my MacOSX login screen. Success!

I caused myself this problem by installing the latest version of MyHack, without really knowing what I was doing. After installing it and rebooting, my system was far worse off than just ‘boot0: error’. Use MyHack if you know what you are doing.