On Mon, Jul 02, 2001 at 06:51:37PM +0200, Joost Pol wrote:
> On Mon, Jul 02, 2001 at 05:02:50PM +0200, Laurent Papier wrote:
>
> > I think safe_mode should always be used with open_basedir directive in
> > order to limit user filesystem access.
> > As error_log is limited by open_basedir, suexec is not needed to have a
> > secure system as long as open_basedir is correctly set.
> >
> > I see nothing wrong allowing user to use error_log.
> > I don't think PHP-team should change the error-log function.
>
> This will only help when the directory specified in the open_basedir
> directive is a directory in which php code is not interpreted. Or a
> directory which is not accessible by the user.
>
> If the directory specified is still accessible by the user, a "malicious"
> user could log php-code to an error log and have it interpreted.
>
> Since the error log would be owned by the uid of the webserver,
> the phpcode logged to the errorlog will be executed with the uid
> of the webserver.
>
> (eg: log 'showsource($foo)' to bar.php3 and then later execute the
> bar.php3 script. bar.php3?foo=/path/to/access_log)
>
> The user could then read and/or write to files owned by the uid of
> the webserver. (not a Good Thing)

SANS has a pretty good php security tutorial at
http://www.sans.org/infosecFAQ/sysadmin/PHP_sec.htm

--
Patrick Oonk - PO1-6BONE - E: patrickat_private - www.pine.nl/~patrick
Pine Internet - PAT31337-RIPE - Hushmail: p.oonkat_private
T: +31-70-3111010 - F: +31-70-3111011 - http://security.nl
PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF 2F64 A65C 42AE 155C 3934
Excuse of the day: Electrical conduits in machine room are melting.
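The condition raised in the quoted reply (open_basedir only helps when the permitted directory is one in which PHP is not interpreted), shown as an added Apache/mod_php configuration sketch that is not part of the original thread. The host name, user name, paths and directory layout are assumptions chosen for illustration.

```apache
# Constructed example: host name, paths and layout are assumptions.

# Weak: the only tree the user's scripts may open is also the tree that
# Apache serves and hands to the PHP interpreter. If the web server uid
# can write there, a file created through error_log() is owned by that
# uid and is interpreted on request (the case described in the thread).
<VirtualHost *:80>
    ServerName alice.example.org
    DocumentRoot /home/alice/public_html
    php_admin_flag  safe_mode on
    php_admin_value open_basedir "/home/alice/public_html/"
</VirtualHost>

# Corrected: keep a separate log directory outside DocumentRoot and make
# it the only place under open_basedir that the web server uid can write.
# Filesystem permissions (assumed, set outside this file):
#   /home/alice/public_html  owned by alice, not writable by the web server uid
#   /home/alice/phplogs      writable by the web server uid
<VirtualHost *:80>
    ServerName alice.example.org
    DocumentRoot /home/alice/public_html
    php_admin_flag  safe_mode on
    php_admin_value open_basedir "/home/alice/public_html/:/home/alice/phplogs/"

    # The log directory is not under DocumentRoot, so it is not served.
    # Turning the interpreter off there as well means a later Alias or
    # symlink cannot make logged text executable.
    <Directory /home/alice/phplogs>
        php_admin_flag engine off
    </Directory>
</VirtualHost>
```

The php_admin_* forms are used so that the values cannot be overridden from a user's .htaccess or with ini_set().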
This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 13:07:39 PDT