To get around this, I made a small shell script which runs as root. The php
page calls the script via the system call. All the shell script does is
move a specific file from tmp to a specific location.
I'm probably asking for someone to exploit it, but I don't know exactly what
they can do.
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]