ID: 11570
Updated by: rasmus
Old-Status: Open
Status: Closed
Bug Type: Directory function related
Operating system: 
PHP Version: 4.0.4pl1
Assigned To: 

Fixed in CVS

Previous Comments:

[2001-06-20 00:22:31] [EMAIL PROTECTED]
ChDir() can be use to enter a directory which belongs to others. Hackers can use this 
hole to break the SafeMode and OpenBaseDir restriction and enter and view and even 
open files in someone else' directory.
In a multiuser environment where users must have some files with the same owner( such 
as 'nobody', to handle file-upload tasks), this hole is extremely dangerous.


ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to