On Mon, Jul 02, 2001 at 06:51:37PM +0200, Joost Pol wrote:
> On Mon, Jul 02, 2001 at 05:02:50PM +0200, Laurent Papier wrote:
> 
> > I think safe_mode should always be used with open_basedir directive in
> > order to limit user filesystem access.
> > As error_log is limited by open_basedir, suexec is not needed to have a
> > secure system as long as open_basedir is correctly set.
> > 
> > I see nothing wrong allowing user to use error_log.
> > I don't think PHP-team should change the error-log function.
> 
> This will only help when the directory specified in the open_basedir
> directive is a directory in which php code is not interpreted. Or a
> directory which is not accessible by the user.
> 
> If the directory specified is still accessible by the user, a "malicious"
> user could log php-code to an error log and have it interpreted.
> 
> Since the error log would be owned by the uid of the webserver, 
> the phpcode logged to the errorlog will be executed with the uid 
> of the webserver.
> 
> (eg: log 'showsource($foo)' to bar.php3 and then later execute the 
>      bar.php3 script. bar.php3?foo=/path/to/access_log)
> 
> The user could then read and/or write to files owned by the uid of
> the webserver. (not a Good Thing)

SANS has a pretty good php security tutorial at
http://www.sans.org/infosecFAQ/sysadmin/PHP_sec.htm
 

-- 
 Patrick Oonk - PO1-6BONE - E: [EMAIL PROTECTED] - www.pine.nl/~patrick
 Pine Internet  -  PAT31337-RIPE  -   Hushmail: [EMAIL PROTECTED]
 T: +31-70-3111010  -   F: +31-70-3111011   -  http://security.nl
 PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF  2F64 A65C 42AE 155C 3934
 Excuse of the day: Electrical conduits in machine room are
 melting.
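
An added example, not part of the original thread: a defender-side audit for the condition discussed above, where an open_basedir entry overlaps a tree in which PHP is interpreted and files owned by the web server uid carry an interpreted extension. The function names, the extension set and the sample tree are assumptions made for illustration; a Unix ':'-separated open_basedir value is assumed.

```python
import os
import tempfile

# Assumed set of extensions the web server hands to PHP; adjust to the
# server's actual handler mapping.
INTERPRETED_EXTS = {".php", ".php3", ".phtml"}

def overlapping_basedirs(open_basedir, interpreted_roots):
    """Return open_basedir entries that lie inside, or contain, a directory
    tree where PHP is interpreted."""
    hits = []
    for entry in filter(None, open_basedir.split(":")):
        base = os.path.realpath(entry)
        for root in interpreted_roots:
            root_r = os.path.realpath(root)
            if os.path.commonpath([base, root_r]) in (base, root_r):
                hits.append(entry)
                break
    return hits

def server_owned_scripts(root, web_uid, exts=INTERPRETED_EXTS):
    """Return files under root owned by web_uid whose extension is interpreted."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report the link itself, do not follow it
            if st.st_uid == web_uid and os.path.splitext(name)[1].lower() in exts:
                found.append(path)
    return sorted(found)

def demo():
    """Constructed sample tree; the current uid stands in for the web server uid."""
    with tempfile.TemporaryDirectory() as top:
        docroot = os.path.join(top, "home", "user", "public_html")
        logs = os.path.join(top, "var", "log", "php")
        os.makedirs(docroot)
        os.makedirs(logs)
        for p in (os.path.join(docroot, "bar.php3"),
                  os.path.join(docroot, "notes.txt"),
                  os.path.join(logs, "error.log")):
            open(p, "w").close()
        basedirs = overlapping_basedirs(docroot + ":" + logs, [docroot])
        scripts = server_owned_scripts(docroot, os.getuid())
        return ([os.path.relpath(b, top) for b in basedirs],
                [os.path.relpath(s, top) for s in scripts])

if __name__ == "__main__":
    print(demo())
```

A non-empty result from either function marks a configuration where logged text could end up in a file the server will interpret, which is the case the quoted reply warns about.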
