On Tue, 15 Jun 2004 17:24, Rudy Gevaert <[EMAIL PROTECTED]> wrote: > Would it be possible to run that program trough e.g. perl/php/... ? > > A use could ftp the executable and write a php script that execute it.
Does PHP allow executing arbitary binaries? If the user can install CGI-BIN scripts then that's a good way of running a kernel security attack (or other local or back-end network attack). -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
