[PHP-DEV] Bug #14448 Updated: exec()-like calls are done with webserver uid
ID: 14448 Updated by: sander Reported By: [EMAIL PROTECTED] Old Status: Open Status: Bogus Bug Type: Unknown/Other Function Operating System: Unix PHP Version: 4.1.0 New Comment: Not a bug. Expected behaviour. RTM. Safemode != suEXEC or something like that. Previous Comments: [2001-12-12 06:17:09] [EMAIL PROTECTED] When safe_mode is enabled, exec()-like calls are still done with the webserver uid, letting users execute any server scripts owned by 'www' (for example). In the case that php_safe_dir = /usr/local/phpexec: # chmod 700 /usr/local/phpexec # chown www.www /usr/local/phpexec inside i put the following sh script: #!/bin/sh # echo `id` Now i log in as user 'veins', make a php script with the following: ? exec(/usr/local/phpexec/id.sh, $value, $return); echo $value[0]; ? when i go to ~veins/id.php i get the following: uid=67(www) gid=67(www) groups=67(www) Edit this bug report at http://bugs.php.net/?id=14448edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14448 Updated: exec()-like calls are done with webserver uid
ID: 14448 Updated by: hholzgra Reported By: [EMAIL PROTECTED] Status: Bogus Bug Type: Unknown/Other Function Operating System: Unix PHP Version: 4.1.0 New Comment: it is (AFAIK) not even possible to change the UID for anyone but 'root'? Previous Comments: [2001-12-12 06:43:54] [EMAIL PROTECTED] Not a bug. Expected behaviour. RTM. Safemode != suEXEC or something like that. [2001-12-12 06:17:09] [EMAIL PROTECTED] When safe_mode is enabled, exec()-like calls are still done with the webserver uid, letting users execute any server scripts owned by 'www' (for example). In the case that php_safe_dir = /usr/local/phpexec: # chmod 700 /usr/local/phpexec # chown www.www /usr/local/phpexec inside i put the following sh script: #!/bin/sh # echo `id` Now i log in as user 'veins', make a php script with the following: ? exec(/usr/local/phpexec/id.sh, $value, $return); echo $value[0]; ? when i go to ~veins/id.php i get the following: uid=67(www) gid=67(www) groups=67(www) Edit this bug report at http://bugs.php.net/?id=14448edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
