[2152] in linux-security and linux-alert archive
[linux-security] Re: php3 module and security
daemon@ATHENA.MIT.EDU (Levy Carneiro Jr.)
Mon May 10 03:19:03 1999
Date: Fri, 09 Apr 1999 01:01:35 -0300
To: "Gavin M. Roy" <gmr@nextpath.com>
From: "Levy Carneiro Jr." <levy@fractal.com.br>
Cc: linux-security@redhat.com
In-Reply-To: <37347E66.2D3AB5DE@nextpath.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
At 11:11 08/05/99 -0700, you wrote:
>Files in any web directory with the extention .php3 will be interpreted,
and no
>others will be unless specified to do so. How is this a security breach?
If a user in a ISP create a file .php3 with read/write functions,
he'll have permissions to read/overwrite some private files.
I need a way to specify which directory will be viewed by the parser.
In the php3.ini file there are some directives, but only for binary mode
of using php3, not as module in apache.
Thanks,
lacj
---
<levy@null.net>
Levy Carneiro Jr.
Linux & Network Admin
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
