Hi. On Tue, 24 Dec 2013 09:00:59 +0100 Raffaele Morelli <raffaele.more...@gmail.com> wrote:
> php script is owned by root -> full system access > > now, try `su - www-data` and have a look at the shell you are in. > there you are if you can get it. # apt-get install apache2 php5-cli … # cat > /var/www/test.php << EOF > <?php sleep(120); ?> > EOF # ls -al /var/www/test.php -rw-r--r-- 1 root root 146 Dec 24 12:10 /var/www/test.php # su - www-data $ php5 /var/www/test.php & $ ps -ef | grep php www-data 5197 5194 0 12:11 pts/0 00:00:00 php5 /var/www/test.php www-data 5199 5194 0 12:12 pts/0 00:00:00 grep php I'm still missing your point, I'm afraid. How exactly a process running as a www-data is able to perform full filesystem access? PS Resending to the list, just in case. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224122548.49c37973293757af349e3...@gmail.com
