Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: move_uploaded_file breaks safe_mode restrictions in PHP
From: sesser () php net
Date: Thu, 21 Mar 2002 17:55:46 +0100

On Thu, Mar 21, 2002 at 03:40:08PM +0100, HostDemon Internet Services wrote:
'data' directories for users who user text files for storing and 
retrieving information for use with PHP?
Like, hit counters or something like that...

Aha, and what sense do such dirs have when the php scripts arent allowed
to create/open/modify data in those directories because of safe_mode?
And if you are talking about Customer X writing to the dir of Customer Y
than it is again your configuration problem. An isp admin once said
he solves this problem by having the document roots at unguessable 
positions: ex.:   /domains/[secret-random]/domain1
/domains/[another-secret]/domain2
...


ISPs running patches that let php run as the user owning the script

Such a configuration is braindead. It will allow an attacker that is
able to inject commands to deface the webpage, because index.php is
automaticly writeable for all php scripts.
On the oother hand this config decreases the impact of the move_upload...
bug because the ISP knows exactly what customer filled the hd.
They can remove the bad guy. And quotas for the specific user will
be lower, so it decreases the diskspace that can be filled with garbage.


Stefan Esser


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]