Re: php mail function bypass safe_mode restriction

From: Laurent Sintes (sintesat_private)
Date: Wed Jul 18 2001 - 11:03:39 PDT


    > Add this line:  extra_cmd=NULL;
    > in file ext/standard/mail.c, (line #152, just before if (extra_cmd != 
    > NULL) { ) :
    > and recompile php.
    
    You can also use extra_cmd = php_escape_shell_cmd(extra_cmd); 
    to unescape all characters.
    
    In latest CVS you can see 
    extra_cmd = php_escape_shell_arg(Z_STRVAL_PP(argv[4]));  
    
    But it is not a sufficient check because php_escape_shell_arg
    does not escape all characters.
    
    See ext/standard/exec.c for php_escape_shell_* code.
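
The two mitigations discussed in this message, sketched as an added example that is not part of the original post and is not PHP's own code: dropping the caller-supplied extra_cmd when safe mode is on, and otherwise passing it as a single quoted shell word. The names quote_shell_arg and build_mail_cmd, the sendmail path and the sample arguments are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote s as ONE POSIX-shell word: wrap it in single quotes and rewrite
 * each embedded ' as '\'' . Caller frees the result. (Hypothetical helper.) */
static char *quote_shell_arg(const char *s)
{
    size_t n = strlen(s), i, j = 0;
    char *out = malloc(4 * n + 3);      /* worst case: every byte is a quote */
    if (!out) return NULL;
    out[j++] = '\'';
    for (i = 0; i < n; i++) {
        if (s[i] == '\'') { memcpy(out + j, "'\\''", 4); j += 4; }
        else out[j++] = s[i];
    }
    out[j++] = '\'';
    out[j] = '\0';
    return out;
}

/* Build the command line handed to the mail binary (hypothetical helper).
 * safe_mode != 0 : ignore extra_cmd completely (the "extra_cmd = NULL" fix).
 * safe_mode == 0 : append extra_cmd as a single quoted word.              */
char *build_mail_cmd(const char *sendmail_path, const char *extra_cmd, int safe_mode)
{
    char *quoted = NULL, *cmd;
    size_t len;
    if (safe_mode) extra_cmd = NULL;
    if (extra_cmd != NULL && (quoted = quote_shell_arg(extra_cmd)) == NULL)
        return NULL;
    len = strlen(sendmail_path) + (quoted ? strlen(quoted) + 1 : 0) + 1;
    cmd = malloc(len);
    if (cmd && quoted) snprintf(cmd, len, "%s %s", sendmail_path, quoted);
    else if (cmd)      snprintf(cmd, len, "%s", sendmail_path);
    free(quoted);
    return cmd;
}

int main(void)
{
    /* Constructed sample input, not taken from the post. */
    char *a = build_mail_cmd("/usr/sbin/sendmail -t -i", "-fuser@example.org", 1);
    char *b = build_mail_cmd("/usr/sbin/sendmail -t -i", "-fa'b", 0);
    printf("safe_mode on : %s\nsafe_mode off: %s\n", a ? a : "(null)", b ? b : "(null)");
    free(a); free(b);
    return 0;
}
```

Quoting only keeps the shell from interpreting the value; the mail program still receives it as an argument, which is why the safe-mode branch discards it.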
    


