Hi, I follow bugtraq and recently there was a thread
regarding safe_mode of php and how to "break" it.
The thread was killed without a conclusion to where
this is really a new threat or the same problem
(scripts executed with sage uid/gid of the web
server).
So, I was wondering if the php-dev tea
"users", then any files
that have the group read/write/exec permissions set
could possibly be "vulnerable" to other user's scripts.
> -Original Message-
> From: Aaron Bennett [mailto:[EMAIL PROTECTED]]
> Subject: RE: [PHP] PHP/Apache security question
>
Aaron Bennett
[EMAIL PROTECTED]
-Original Message-
From: ..s.c.o.t.t.. [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 07, 2001 4:33 PM
To: Php-General
Subject: RE: [PHP] PHP/Apache security question
of course that's possible... it's not default, but it's very possible
i think it'
of course that's possible... it's not default, but it's very possible
i think it's an apache module called suEXEC
that will run the script with the script owner's name.group,
not apache.apache
> -Original Message-
> From: [EMAIL PROTECTED]
> Subject:
Hello list,
I have a security problem to solve with my apache setup and I am clueless
at this moment...
My web server holds multiple domains and uses name-based virtual servers
to direct requests to different portions of the html tree for different
domain names (we presume only one IP is availa
5 matches
Mail list logo
