> This is a serious issue... I have a php script wich lets me navigate the > entire hard disk in a cobalt raq3. I have sent it to cobalt security > people... but they just didn�t say a word about it
Welcome to the wonderful world of Unix! A user is supposed to be able to do that unless you specifically stop it. You may want to try setting safe_mode on in php.ini. This restricts a php script to only open files owned by the same owner. I believe this is what cgi-wrap does with cgi's? Good luck David Garcia Watkins [EMAIL PROTECTED] _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
