On Mon, Jul 02, 2001 at 03:12:43PM -0700, Joe Harris wrote:
> On Sat, 30 Jun 2001, Joost Pol wrote:
>
> If an intruder can upload PHP code, what's to stop them from uploading an
> even meaner bit-o-code? In some other language?
>
> There is something fundamentally flawed in the logic of claiming safe_mode
> as "broken" if the means to abuse that flaw is predicated upon an intruder
> already having write access to the file system... a situation I think most
> would agree as being catastrophic to the integrity of the host, "safe_mode"
> or no "safe_mode".
Well, two changes do occur.
1. User could obtain the uid of the webserver. (nobody access)
In a decent configured hosting machine, the impact would be minor.
And *all* hosting machines are configured decently, right? (:
2. An ISP only giving out ftp access for users to upload new webpages
could find themselves confronted with users with shell access.
> Is it a bug? Sure. Is it worthy of a Bugtraq posting? Barely.
Hmm, at least i should have cut it a bit. True.
The one Good Thing that came out of the bugtraq posting was that the PHP
team actually picked the issue up from the list and are fixing it.
Before that i mailed them and posted it on the php bug list, little response.
[heavy cutting]
Kind Regards,
Joost Pol
--
Joost Pol alias 'Nohican' <[EMAIL PROTECTED]> PGP 584619BD
PGP fingerprint B1FA EE66 CFAA A492 D5F8 9A8A 0CDA 5846 19BD
Laboratoire Contempt - Tel +31-6-28887995 Fax: +31-70-3873625