Re: [BUGTRAQ] php breaks safe mode

From: Raptor (raptorat_private)
Date: Thu Jul 05 2001 - 03:11:10 PDT

Next message: Charles Stevenson: "lmail local root exploit"

Previous message: Hank Wang: "Re: "at" is vulnerable on Solaris 7 and 8"
In reply to: Joost Pol: "Re: [BUGTRAQ] php breaks safe mode"
Next in thread: H D Moore: "Re: [BUGTRAQ] php breaks safe mode"
Reply: H D Moore: "Re: [BUGTRAQ] php breaks safe mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 3 Jul 2001, Joost Pol wrote:

> Well, two changes do occur.
> 
> 1. User could obtain the uid of the webserver. (nobody access)
> 
>    In a decent configured hosting machine, the impact would be minor. 
> 
>    And *all* hosting machines are configured decently, right? (:

What do you exactly intend with "minor impact"? A user with the uid of the
webserver can at least kill the webserver itself... This should definitely
be an issue for a web hosting provider.

:raptor
Antifork Research, Inc.			@ Mediaservice.net Srl
http://www.0xdeadbeef.eu.org		http://www.mediaservice.net

Next message: Charles Stevenson: "lmail local root exploit"
Previous message: Hank Wang: "Re: "at" is vulnerable on Solaris 7 and 8"
In reply to: Joost Pol: "Re: [BUGTRAQ] php breaks safe mode"
Next in thread: H D Moore: "Re: [BUGTRAQ] php breaks safe mode"
Reply: H D Moore: "Re: [BUGTRAQ] php breaks safe mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 11:28:24 PDT