Bugtraq mailing list archives
Re: [BUGTRAQ] php breaks safe mode
From: Steffen Dettmer <steffen () dett de>
Date: Thu, 5 Jul 2001 23:53:01 +0200
* Joost Pol wrote on Tue, Jul 03, 2001 at 02:04 +0200:
On Mon, Jul 02, 2001 at 03:12:43PM -0700, Joe Harris wrote: 1. User could obtain the uid of the webserver. (nobody access) [...] the impact would be minor.
Usually the Webserver is able to read the sources of the PHP scripts. PHP scripts may include passwords for database access. Since PHP is usually mod_php and not suexec'd, this seems to be a common problem. With account to such databases really important damage could be done! Elevated priviliges are never "minor" issues IMHO. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Current thread:
- php breaks safe mode Joost Pol (Jul 01)
- Re: php breaks safe mode Laurent Papier (Jul 02)
- Re: php breaks safe mode Joost Pol (Jul 02)
- Re: php breaks safe mode Laurent Papier (Jul 03)
- Re: php breaks safe mode Patrick Oonk (Jul 03)
- Re: php breaks safe mode Joost Pol (Jul 02)
- Re: [BUGTRAQ] php breaks safe mode Joe Harris (Jul 03)
- Re: [BUGTRAQ] php breaks safe mode Joost Pol (Jul 03)
- Re: [BUGTRAQ] php breaks safe mode Raptor (Jul 05)
- Re: [BUGTRAQ] php breaks safe mode H D Moore (Jul 05)
- Re: [BUGTRAQ] php breaks safe mode Steffen Dettmer (Jul 06)
- Re: [BUGTRAQ] php breaks safe mode Joost Pol (Jul 03)
- Re: [BUGTRAQ] php breaks safe mode Steffen Dettmer (Jul 05)
- Re: [BUGTRAQ] php breaks safe mode Sander Steffann (Jul 06)
- Re: php breaks safe mode Laurent Papier (Jul 02)