Re: [BUGTRAQ] php breaks safe mode

From: Joost Pol (joostat_private)
Date: Mon Jul 02 2001 - 17:04:14 PDT

    On Mon, Jul 02, 2001 at 03:12:43PM -0700, Joe Harris wrote:
    
    > On Sat, 30 Jun 2001, Joost Pol wrote:
    > 
    > If an intruder can upload PHP code, what's to stop them from uploading an
    > even meaner bit-o-code? In some other language?
    >
    > There is something fundamentally flawed in the logic of claiming safe_mode
    > as "broken" if the means to abuse that flaw is predicated upon an intruder
    > already having write access to the file system... a situation I think most
    > would agree as being catastrophic to the integrity of the host, "safe_mode"
    > or no "safe_mode".
    
    Well, two changes do occur.
    
    1. User could obtain the uid of the webserver. (nobody access)
    
       In a decently configured hosting machine, the impact would be minor.
    
       And *all* hosting machines are configured decently, right? (:
    
    2. An ISP only giving out ftp access for users to upload new webpages 
       could find themselves confronted with users with shell access.
    
    > Is it a bug? Sure. Is it worthy of a Bugtraq posting? Barely.
    
    Hmm, at least I should have cut it a bit. True.
    
    The one Good Thing that came out of the bugtraq posting was that the PHP
    team actually picked the issue up from the list and are fixing it.
    
    Before that I mailed them and posted it on the php bug list, little response.
    
    [heavy cutting]
    
    Kind Regards,
    
    Joost Pol
    
    -- 
    Joost Pol alias 'Nohican' <joostat_private> PGP 584619BD
    PGP fingerprint B1FA EE66 CFAA A492 D5F8 9A8A 0CDA 5846 19BD
    Laboratoire Contempt - Tel +31-6-28887995 Fax: +31-70-3873625
    



    This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 11:31:03 PDT