 |
 |
 |
 |
|
|
Date: 06/20/01
- Next message: derick <email protected>: "[PHP-DEV] Bug #11576 Updated: The PHP Files are not working"
- Previous message: paul.smith55 <email protected>: "[PHP-DEV] Bug #11583: Missing files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ID: 11570
Updated by: rasmus
Reported By: wangshui <email protected>
Old-Status: Open
Status: Closed
Bug Type: Directory function related
Operating system:
PHP Version: 4.0.4pl1
Assigned To:
Comments:
Fixed in CVS
Previous Comments:
---------------------------------------------------------------------------
[2001-06-20 00:22:31] wangshui <email protected>
ChDir() can be use to enter a directory which belongs to others. Hackers can use this hole to break the SafeMode and OpenBaseDir restriction and enter and view and even open files in someone else' directory.
In a multiuser environment where users must have some files with the same owner( such as 'nobody', to handle file-upload tasks), this hole is extremely dangerous.
---------------------------------------------------------------------------
ATTENTION! Do NOT reply to this email!
To reply, use the web interface found at http://bugs.php.net/?id=11570&edit=2
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: derick <email protected>: "[PHP-DEV] Bug #11576 Updated: The PHP Files are not working"
- Previous message: paul.smith55 <email protected>: "[PHP-DEV] Bug #11583: Missing files"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]