Am 08.10.2013 11:32, schrieb Manuel Bieling:
> On 2013.10.08 09:16:11 +0200, li...@rhsoft.net wrote: 
>> i never allowed any webserver in the past 10 years to
>> use the sendmail binary for a lot of reasons like header
>> injections and so on 
> 
> Good, but possibly would not have helped. For me it looks obvious like
> 'Stealrat' which opens a socket too.

postfix does not need to relay without authentication even on 127.0.0.1

> I never used PHP in the past 10
> years would be more convincing. However, I agree using a mail relay and
> mail storage on one maschine with a webserver is too much.
>  
> if(@mail($recipient, $subject, $message, $reply . $type, "-f$sender"))
>   die(chr(79) . chr(75) . md5(1234567890) . "+0");
> 
> [...]
> 
> if(!in_array('fsockopen', $config))
>   $socket = @fsockopen($address, 25, $errno, $errstr, 20);
> elseif(!in_array('pfsockopen', $config))
>   $socket = @pfsockopen($address, 25, $errno, $errstr, 20);
> 
> [...]

disable_functions = "exec, passthru, shell_exec, system, proc_open, proc_close, 
proc_nice, proc_terminate,
proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, posix_mkfifo, 
posix_setpgid, posix_setsid,
posix_setuid, mail, symlink, link, dl, get_current_user, getmypid, getmyuid, 
getrusage, fsockopen, pfsockopen,
socket_accept, socket_bind, openlog, syslog"

Reply via email to