From: Gaby vanhegan [mailto:[EMAIL PROTECTED] > > I would think php, but this doesn't explain it unless you turned the > > chroot off. > > Due to historical reasons, we're not running apache chrooted. This > is why they're in /tmp rather than /var/www/tmp, or any other place.
Given the security posture of a system running PHP (and PHP apps with a poor security history) in a non-chrooted environment, I'd agree that you've got a pretty acute risk avenue staring you in the face. DS
