From:             [EMAIL PROTECTED]
Operating system: Linux
PHP version:      4.0.4pl1
PHP Bug Type:     Directory function related
Bug description:  Security Hole on ChDir()

ChDir() can be use to enter a directory which belongs to others. Hackers can use this 
hole to break the SafeMode and OpenBaseDir restriction and enter and view and even 
open files in someone else' directory.
In a multiuser environment where users must have some files with the same owner( such 
as 'nobody', to handle file-upload tasks), this hole is extremely dangerous.

Edit Bug report at:

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to