Don't forget to post to the list as well. What exactly are you concerned about. Apache won't let users browse to that directory, so they can't run stuff there. Are you worried about web scripts that create programs and then execute them? If so, PHP has options to restrict that. See: http://us2.php.net/manual/en/features.safe-mode.php Safe mode should be enabled by default.
Seth. Scott Kopel said: > But the problem remains, if SquirrelMail can write files there, it seems > that some apache user can also write and execute files there. Is there > any way to stop this? Thanks for your time. > > > > At 06:09 PM 12/2/2004, you wrote: > >> Execute permissions on directories means that users can change into the >> directory. It has no effect on whether the files inside are >> executable. Most versions of PHP write their session files to /tmp, so >> SquirrelMail >> will require it if that's how your PHP is setup. The data directory is >> where settings are kept. You need both directories to have the execute >> bit set so SquirrelMail can write files there. >> >> Seth. >> Scott Kopel said: >> >>> I have been using Squirrelmail for a few years with no problems. >>> I am currently using version 1.4.0 >>> imap server is uw webserver is apache 1.3.27 a few days ago I found in >>> the /tmp directory and executable file named "b" >>> ... which was owned by apache user >>> I couldn't tell what the file was doing so I deleted it and changed >>> the permissions to 666 on the /tmp directory.. ie not executable.. >>> when I did this I found that users couldn't login to squirrelmail so >>> it seems that squirrelmail requires apache to have execute permission >>> on the /tmp and on squrrrelmail/data directories. but in my case at >>> least it seems that apache can write to those files and execute >>> whatever... can anyone shed any light on this problem? is there anyway >>> to run squirrelmail without execute permission on the directories /tmp >>> and squirrelmail/data? or is there any way to keep apache from writing >>> files to these directories and executing them? thanks for any help >>> >>> Scott Kopel >>> English Department - FSU >>> 850 644 6177 >>> >>> >>> >>> >>> >>> ------------------------------------------------------- >>> SF email is sponsored by - The IT Product Guide >>> Read honest & candid reviews on hundreds of IT Products from real >>> users. Discover which products truly live up to the hype. Start >>> reading now. http://productguide.itmanagersjournal.com/ >>> -- >>> squirrelmail-users mailing list Posting Guidelines: >>> http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines >>> List Address: [EMAIL PROTECTED] >>> List Archives: >>> http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user >>> List Archives: >>> http://sourceforge.net/mailarchive/forum.php?forum_id=2995 >>> List Info: >>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users >>> >>> >>> >> >> >> -- >> Seth Randall >> IT Support Specialist >> Missoula Federal Credit Union >> [EMAIL PROTECTED] >> >> >> >> >> ------------------------------------------------------- >> SF email is sponsored by - The IT Product Guide >> Read honest & candid reviews on hundreds of IT Products from real users. >> Discover which products truly live up to the hype. Start reading now. >> http://productguide.itmanagersjournal.com/ >> -- >> squirrelmail-users mailing list Posting Guidelines: >> http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines >> List Address: [EMAIL PROTECTED] >> List Archives: >> http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user >> List Archives: >> http://sourceforge.net/mailarchive/forum.php?forum_id=2995 >> List Info: >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users >> > > Scott Kopel > English Department - FSU > 850 644 6177 > > -- Seth Randall IT Support Specialist Missoula Federal Credit Union [EMAIL PROTECTED] ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ -- squirrelmail-users mailing list Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines List Address: [EMAIL PROTECTED] List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
