Re: php breaks safe mode

From: Joost Pol (joostat_private)
Date: Mon Jul 02 2001 - 09:51:37 PDT


    On Mon, Jul 02, 2001 at 05:02:50PM +0200, Laurent Papier wrote:
    
    > I think safe_mode should always be used with open_basedir directive in
    > order to limit user filesystem access.
    > As error_log is limited by open_basedir, suexec is not needed to have a
    > secure system as long as open_basedir is correctly set.
    > 
    > I see nothing wrong allowing user to use error_log.
    > I don't think PHP-team should change the error-log function.
    
    This will only help when the directory specified in the open_basedir
    directive is a directory in which php code is not interpreted. Or a
    directory which is not accessible by the user.
    
    If the directory specified is still accessible by the user, a "malicious"
    user could log php-code to an error log and have it interpreted.
    
    Since the error log would be owned by the uid of the webserver, 
    the phpcode logged to the errorlog will be executed with the uid 
    of the webserver.
    
    (eg: log 'showsource($foo)' to bar.php3 and then later execute the 
         bar.php3 script. bar.php3?foo=/path/to/access_log)
    
    The user could then read and/or write to files owned by the uid of
    the webserver. (not a Good Thing)
    
    Regards,
    
    Joost Pol
    
    -- 
    Joost Pol alias 'Nohican' <joostat_private> PGP 584619BD
    PGP fingerprint B1FA EE66 CFAA A492 D5F8 9A8A 0CDA 5846 19BD
    Laboratoire Contempt - Tel +31-6-28887995 Fax: +31-70-3873625
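
An added example, not part of the original message or of PHP itself: a small audit that applies the condition described above, reporting any directory that is both inside open_basedir (so error_log() may write there) and served with PHP interpretation enabled. The function names, the sample paths and the idea of passing the PHP-enabled and PHP-disabled directories as lists are assumptions made for illustration; open_basedir entries are treated as directories, not string prefixes.

```python
from pathlib import PurePosixPath


def within(path, base):
    """True if `path` is `base` or lies below it (compared per path component)."""
    p, b = PurePosixPath(path), PurePosixPath(base)
    return p == b or b in p.parents


def interpreted_log_targets(open_basedir, php_enabled, php_disabled=()):
    """Return directories that are writable via error_log() AND PHP-interpreted.

    open_basedir : colon-separated value as written in the PHP configuration
    php_enabled  : directories in which the web server interprets PHP
    php_disabled : directories in which interpretation is switched off
    """
    findings = set()
    for base in filter(None, open_basedir.split(":")):
        for served in php_enabled:
            # The overlap of two directory trees is the deeper of the two roots.
            if within(base, served):
                overlap = base
            elif within(served, base):
                overlap = served
            else:
                continue
            # Safe only if interpretation is disabled for the whole overlap.
            if not any(within(overlap, off) for off in php_disabled):
                findings.add(str(PurePosixPath(overlap)))
    return sorted(findings)


# Constructed sample configurations (hypothetical paths).
SERVED = ["/home/alice/public_html"]
WEAK = "/home/alice"  # open_basedir covers the document root
HARDENED = "/home/alice/public_html/data:/home/alice/logs"
NO_PHP = ["/home/alice/public_html/data"]

if __name__ == "__main__":
    print("weak:    ", interpreted_log_targets(WEAK, SERVED))
    print("hardened:", interpreted_log_targets(HARDENED, SERVED, NO_PHP))
```

An empty result means every location a script can write a log to is either outside the served tree or has interpretation disabled, which is the precondition the message gives for open_basedir to be sufficient.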
    


