Re: [PHP-DEV] Fwd: CHINANSL Security Advisory(CSA-200011)
From: Ignacio Vazquez-Abrams (ignacio <email protected>)
Date: 12/10/00

On Sun, 10 Dec 2000, Ron Chmara wrote:

> 4. Is Apache/win _supposed_ to have a globally readable httpd.conf? Shouldn't
> the file system perms prevent this exploit?

Not necessarily. I don't have enough (read: any) knowledge about Apache/Win32,
but it may be that either:

a) The spawned children are running as the same account as the parent, or

b) No children are spawned, only threads.

In both cases above, the children or threads will (should?) be able to have
read access to the conf, because the parent requires read access.

-- 
Ignacio Vazquez-Abrams  <ignacio <email protected>>
