Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: PHP

Re: PHP

From: Stuart Henderson <sh_at_ECLIPSE.NET.UK>
Date: Wed, 1 Dec 1999 17:11:11 +0000

> I can't remember the details of safe mode, I think possibly it just
> restricts system and exec type stuff. Be aware however that it's very
> easy for users (clueless or not) to eat loads of memory with infinite
> loops.

It restricts file access to within a specified doc_root and
restricts system() to specified a directory. Memory usage and
maximum execution time of a script can be limited. Dynamic
loading of additional user-specified extensions is disabled
in safe_mode (you are still responsible for the ones you
build in, of course).

Links are on the PHP site but they are a little deeply buried
and maybe out of date. Of course as with most open-source
projects the code itself is the most reliable place to look.
Check out the configuration and security settings of the
annotated manual for the most recent documented information.
The php list archives at http://progressive-comp.com/Lists/
are searchable and may prove useful.
Received on Dec 01 1999

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos