> >> ... and I am -- A shared host server that is.
> >
> > Now I'm not sure on this, I haven't tested it. Has anyone?
> Is this particular vulnerability only in existence when the server is
> pretty
> open?  I mean, on my particular host, I can't FTP to anything outside
> docroot, and I can't use SSH, telnet, etc.

That's for you, but when you run a PHP script, you run it as user
Apache, www, nobody, etc...however your system is set up (if PHP is a

> phpinfo() says my session.save-path is /tmp -- since (in theory) I
> get
> the files via telnet, FTP or HTTP, the only option I can think of
would be
> another user on the host gaining access to it via a PHP script...
> I'm
> not sure can be done, and can't really test, because I wouldn't know
> to
> do it.

Yes, the attack could only come from someone on the same server. That's
why dedicated servers are preferred and why safe_mode is used on virtual
aervers. Safe_mode may protect the sessions, too, not sure. 

$_SESSION['Logged_On'] = 1;
$_SESSION['Admin'] = 1;
$s = serialize($_SESSION);

$fp = fopen("/tmp/bad_session.file","w");


I don't have a virtual server environment to actually test this out
with, though...and it would require a lot of work from the hacker...but
what else do they have to do. Get a dedicated server...they really
aren't that expensive anymore.

---John Holmes...

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to