Bugtraq mailing list archives
Re: move_uploaded_file breaks safe_mode restrictions in PHP
From: sesser () php net
Date: Thu, 21 Mar 2002 17:55:46 +0100
On Thu, Mar 21, 2002 at 03:40:08PM +0100, HostDemon Internet Services wrote:
> 'data' directories for users who use text files for storing and retrieving information for use with PHP? Like, hit counters or something like that...
Aha, and what sense do such dirs have when the PHP scripts aren't allowed to create/open/modify data in those directories because of safe_mode? And if you are talking about Customer X writing to the dir of Customer Y, then it is again your configuration problem. An ISP admin once said he solves this problem by having the document roots at unguessable positions, ex.:
/domains/[secret-random]/domain1
/domains/[another-secret]/domain2
...
> ISPs running patches that let php run as the user owning the script
Such a configuration is braindead. It will allow an attacker that is able to inject commands to deface the webpage, because index.php is automatically writable for all PHP scripts.
On the other hand, this config decreases the impact of the move_upload... bug because the ISP knows exactly what customer filled the hd. They can remove the bad guy. And quotas for the specific user will be lower, so it decreases the disk space that can be filled with garbage.
Stefan Esser