Well, in the current configuration, YES! As long as someone else can run PHP in the context of the same webserver, he could also run lamdaemon.pl, that is correct!
Of course we are running a protected webserver which is only accessible for administrators. Thus I haven't thought of protecting this at all... On Thursday 07 April 2011 18:15:22 Tim Rice wrote: > On Thu, 7 Apr 2011, Joschi Brauchle wrote: > > Hello Roland, hello all, > > > > I would like to share my hack to lamdaemon.inc, which circumvents the > > whole SSH-connection&superuser problem by simply running the lamdaemon > > command through apache. As apache runs as the "wwwrun" user, I > > additionally allowed wwwrun to run lamdaemon using sudo. > > Wouldn't this allow anyone with access to the web server to create/remove > home directories with lamdaemon.pl? ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Lam-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lam-public
