Bugtraq mailing list archives
Re: [BUGTRAQ] php breaks safe mode
From: H D Moore <hdm () secureaustin com>
Date: Thu, 5 Jul 2001 14:31:42 -0500
On Thursday 05 July 2001 05:11 am, Raptor wrote:
> What do you exactly intend with "minor impact"? A user with the uid of the webserver can at least kill the webserver itself... This should definitely be an issue for a web hosting provider.
>
> <? system("killall -9 httpd"); ?>

Not completely true. Apache's master process still runs as root; someone with access as the web user could kill the child processes which are passed new requests, but they would be restarted.

The more insidious problem with using PHP (module) on an Apache setup is that any user can access the scripts of any other user account. The web server user needs read access to every file to serve it, and the Apache process runs every user's code under the same account (unless it's compiled as a CGI and suexec is set up, but that causes its own problems), allowing someone to go through the database of an ecom company hosted on the same server quite easily. I have seen cases where an attacker would purchase an account (via stolen CC of course) on the server of their target, then use the "nobody" account to access all of their data (or simply spawn a shell, break root, and really own them).

I wonder if VirtualHost based user/group directives would keep this from happening; does anyone on the list know of a way to protect against this?

-HD
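One partial answer to the question raised above is to confine each VirtualHost's PHP code to its own directory tree with open_basedir. This is an added example, not part of the original post; the account names, paths and hostnames are assumptions.

```apache
# Added example (not from the original post). Assumes two hosting accounts,
# "alice" and "bob", whose docroots live under /home/<user>/public_html.

# Weak: a single global PHP configuration. Every script runs as the httpd
# user with no limit on which files PHP may open, so a script in alice's
# account can read /home/bob/public_html/config.php as easily as the
# web server itself can.
#
#   <VirtualHost *:80>
#       ServerName   alice.example.com
#       DocumentRoot /home/alice/public_html
#   </VirtualHost>

# Hardened: php_admin_value sets the directive per VirtualHost and prevents
# the account's own .htaccess or ini_set() from relaxing it. PHP file
# functions in alice's scripts are then refused any path outside her tree
# (plus /tmp for session and upload files).
<VirtualHost *:80>
    ServerName   alice.example.com
    DocumentRoot /home/alice/public_html
    php_admin_value open_basedir "/home/alice/public_html:/tmp"
</VirtualHost>

<VirtualHost *:80>
    ServerName   bob.example.com
    DocumentRoot /home/bob/public_html
    php_admin_value open_basedir "/home/bob/public_html:/tmp"
</VirtualHost>
```

open_basedir only governs PHP's own file functions; a script that spawns a subprocess still runs as the shared web user with that user's full filesystem view, so disable_functions in php.ini, or a per-user process model such as suexec, is needed for a real boundary.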