2013/12/24 Reco <recovery...@gmail.com> > Hi. > > On Tue, 24 Dec 2013 08:47:17 +0100 > Raffaele Morelli <raffaele.more...@gmail.com> wrote: > > > I think you should read man pages on shells and privileges first and > what a > > user can do. > > Can you elaborate please how exactly serving root-owned file with > apache is a bad thing for security? >
php script is owned by root -> full system access now, try `su - www-data` and have a look at the shell you are in. there you are if you can get it. > > Reco
