Date: 01/05/01
- Next message: Adam Wright: "Re: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec"
- Previous message: lp <email protected>: "[PHP-DEV] Re: PHP 4.0 Bug #8117 Updated: Configuration-Error: upload_max_filesize"
- In reply to: Adam Wright: "Re: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec"
- Next in thread: Adam Wright: "Re: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hmm, might be best to ignore this for the time being entirely, I'm more
inclined to think it's a permissions thing with our webserver configuration
at the moment. I'll get back to you :)
Sorry for the probable misreport, my bad.
adamw
----- Original Message -----
From: "Adam Wright" <adam <email protected>>
To: "Adam Wright" <adam <email protected>>; "PHP Development"
<php-dev <email protected>>
Cc: <zeev <email protected>>
Sent: Friday, January 05, 2001 1:03 PM
Subject: Re: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec
> Woops, best ignore this patch. The bug is real, but this (untested :) patch
> is fubar
>
> adamw
>
> ----- Original Message -----
> From: "Adam Wright" <adam <email protected>>
> To: "PHP Development" <php-dev <email protected>>
> Cc: <zeev <email protected>>
> Sent: Friday, January 05, 2001 12:11 PM
> Subject: [PHP-DEV] Pretty mammoth security issue with safe_mode_exec
>
>
> > If you have safe mode enabled, and have a safe mode exec directory, here's
> > how you can execute binaries outside of your safe mode exec directory!
> >
> > Normally...
> >
> > system("../../../../../bin/cp blah blip");
> >
> > would fail (as .. is blocked in _Exec (standard/exec.c))
> >
> > However...
> >
> > system("\.\./\.\./\.\./\.\./\.\./bin/cp blah blip");
> >
> > will work fine! This is because the .. check was performed before the
> > php_escape_shell_cmd in exec.c!
> >
> > --We fixed it, and our PHP *still* compiles :)
> >
> > (untested patch for exec.c attached)
> >
> > adamw
> > adam <email protected>
> >
> >
> >
> >
>
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>
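The ordering concern in the quoted report (a `..` test applied to the raw command string rather than to the form the shell finally interprets) can be shown in isolation. This is an added example, not code from the thread or from PHP's exec.c, and it makes no claim about whether PHP was affected; the function names are hypothetical, and it assumes only quoting characters are in scope, not shell expansions.

```c
#include <stdio.h>
#include <string.h>

/* Naive check: looks for ".." in the raw command string only. */
static int naive_has_dotdot(const char *cmd)
{
    return strstr(cmd, "..") != NULL;
}

/* Hypothetical helper: drop shell quoting characters (backslash, single and
 * double quote) so the remaining text over-approximates what the shell sees.
 * Returns 0 on success, -1 if out is too small. */
static int strip_shell_quoting(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *in != '\0'; in++) {
        if (*in == '\\' || *in == '\'' || *in == '"')
            continue;
        if (o + 1 >= outsz)
            return -1;
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

/* Returns 1 if the command must be rejected. Fails closed on long input.
 * Assumption: shell expansions ($VAR, $(...), globs) are out of scope. */
static int normalized_has_dotdot(const char *cmd)
{
    char buf[1024];
    if (strip_shell_quoting(cmd, buf, sizeof buf) != 0)
        return 1;
    return strstr(buf, "..") != NULL;
}

int main(void)
{
    /* The two command strings quoted in the report above. */
    const char *samples[] = {
        "../../../../../bin/cp blah blip",
        "\\.\\./\\.\\./\\.\\./\\.\\./\\.\\./bin/cp blah blip",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("naive=%d normalized=%d  %s\n", naive_has_dotdot(samples[i]),
               normalized_has_dotdot(samples[i]), samples[i]);
    return 0;
}
```

The normalized check deliberately over-rejects (for example, a backslash inside single quotes), which is the safe direction for an allow-list directory restriction.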

