Re: move_uploaded_file breaks safe_mode restrictions in PHP

• Previous message: Georgi Guninski: "Re: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances"
• Maybe in reply to: Tozz: "move_uploaded_file breaks safe_mode restrictions in PHP"
• Next in thread: Patrick Oonk: "Re: move_uploaded_file breaks safe_mode restrictions in PHP"
• Reply: Patrick Oonk: "Re: move_uploaded_file breaks safe_mode restrictions in PHP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

first of all i want to clearify, that move_uploaded_file isn't breaking
safe_mode restrictions. move_uploaded_file lacked an openbasedir check.
That feature was added on the request of tozz. move_uploaded_file was
able to move files to directories writeable for the apache user because
of some other bug (, that was fixed several days before the bugreport)
that was not within move_uploaded_file but in some other place.

Beside that: maybe you can tell me where the apache user has write
access to (beside /tmp) on a properly configured system?
This bug only allows to create new files, it is not possible to
write to already existing files. So the whole "security" impact on
a properly configured system is in my eyes that a customer is able
to fill the harddisk.


Stefan Esser

• Next message: hellNbak: "Re: NMRC Advisory - KeyManager Issue in ISS RealSecure"
• Previous message: Georgi Guninski: "Re: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances"
• Maybe in reply to: Tozz: "move_uploaded_file breaks safe_mode restrictions in PHP"
• Next in thread: Patrick Oonk: "Re: move_uploaded_file breaks safe_mode restrictions in PHP"
• Reply: Patrick Oonk: "Re: move_uploaded_file breaks safe_mode restrictions in PHP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 05:56:26 PST