[21349] in bugtraq
Re: [BUGTRAQ] php breaks safe mode
daemon@ATHENA.MIT.EDU (Raptor)
Thu Jul 5 14:28:00 2001
Date: Thu, 5 Jul 2001 12:11:10 +0200 (CEST)
From: Raptor <raptor@0xdeadbeef.eu.org>
To: bugtraq@securityfocus.com
In-Reply-To: <20010703020414.A48429@badcoding.org>
Message-ID: <Pine.BSO.4.21.0107051208100.2587-100000@voodoo.rewt.mil>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Tue, 3 Jul 2001, Joost Pol wrote:
> Well, two changes do occur.
>
> 1. User could obtain the uid of the webserver. (nobody access)
>
> In a decently configured hosting machine, the impact would be minor.
>
> And *all* hosting machines are configured decently, right? (:

What do you exactly intend with "minor impact"? A user with the uid of the
webserver can at least kill the webserver itself... This should definitely
be an issue for a web hosting provider.

:raptor
Antifork Research, Inc. @ Mediaservice.net Srl
http://www.0xdeadbeef.eu.org http://www.mediaservice.net