Date: 01/05/01
- Next message: lp <email protected>: "[PHP-DEV] Re: PHP 4.0 Bug #8117 Updated: Configuration-Error: upload_max_filesize"
- Previous message: Adam Wright: "[PHP-DEV] Re: Pretty mammoth security issue with safe_mode_exec"
- In reply to: Adam Wright: "[PHP-DEV] Pretty mammoth security issue with safe_mode_exec"
- Next in thread: Adam Wright: "Re: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec"
- Reply: Adam Wright: "Re: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec"
- Reply: Adam Wright: "Re: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Whoops, best ignore this patch. The bug is real, but this (untested :) patch
is fubar.
adamw
----- Original Message -----
From: "Adam Wright" <adam <email protected>>
To: "PHP Development" <php-dev <email protected>>
Cc: <zeev <email protected>>
Sent: Friday, January 05, 2001 12:11 PM
Subject: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec
> If you have safe mode enabled, and have a safe mode exec directory, here's
> how you can execute binaries outside of your safe mode exec directory!
>
> Normally...
>
> system("../../../../../bin/cp blah blip");
>
> would fail (as .. is blocked in _Exec (standard/exec.c)).
>
> However...
>
> system("\.\./\.\./\.\./\.\./\.\./bin/cp blah blip");
>
> will work fine! This is because the .. check was performed before the
> php_escape_shell_cmd in exec.c!
>
> --We fixed it, and our PHP *still* compiles :)
>
> (untested patch for exec.c attached)
>
> adamw
> adam <email protected>
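The ordering flaw in the quoted report, modelled as an added C example (this is not PHP's exec.c and not the patch Adam attached): a literal ".." search on the raw command string misses the backslash-escaped form, while the same search applied after normalising the string to what the shell will actually read catches both. The `shell_unescape` helper is an assumed, simplified model of how an unquoted shell word drops backslashes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of how a POSIX shell reads an unquoted word:
 * "\." becomes ".", "\/" becomes "/".  Writes at most n-1 bytes plus a
 * NUL into out.  This is an assumption for the demo, not PHP's own code. */
static void shell_unescape(const char *in, char *out, size_t n) {
    size_t j = 0;
    for (size_t i = 0; in[i] != '\0' && j + 1 < n; i++) {
        if (in[i] == '\\' && in[i + 1] != '\0')
            i++;                      /* drop the backslash, keep next char */
        out[j++] = in[i];
    }
    out[j] = '\0';
}

/* The check as the report describes it: a literal ".." search on the raw
 * command string, before any shell-escaping step has been accounted for. */
bool contains_dotdot_raw(const char *cmd) {
    return strstr(cmd, "..") != NULL;
}

/* Hardened order: normalise to what the shell will see, then check. */
bool contains_dotdot_canonical(const char *cmd) {
    char buf[1024];
    shell_unescape(cmd, buf, sizeof buf);
    return strstr(buf, "..") != NULL;
}

int main(void) {
    /* Constructed inputs mirroring the two commands in the report. */
    const char *plain   = "../../../../../bin/cp blah blip";
    const char *escaped = "\\.\\./\\.\\./\\.\\./\\.\\./\\.\\./bin/cp blah blip";

    printf("raw check:       plain=%d escaped=%d\n",
           contains_dotdot_raw(plain), contains_dotdot_raw(escaped));
    printf("canonical check: plain=%d escaped=%d\n",
           contains_dotdot_canonical(plain), contains_dotdot_canonical(escaped));
    return 0;
}
```

The general lesson the example illustrates is to canonicalise input into the form the consumer will interpret before validating it, rather than validating the raw bytes and escaping afterwards.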
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>