[35139] in bugtraq


Re: Possible bug in PHPNuke and other CMS

daemon@ATHENA.MIT.EDU (BlueRaven)
Fri Jun 4 20:03:32 2004

Mime-Version: 1.0 (Apple Message framework v618)
In-Reply-To: <40BCB951.2040906@libero.it>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <3741ADBC-B622-11D8-A48A-000A95C6065C@ravenconsulting.it>
Content-Transfer-Encoding: 7bit
From: BlueRaven <blue@ravenconsulting.it>
Date: Fri, 4 Jun 2004 14:25:07 +0200
To: Bugtraq <bugtraq@securityfocus.com>

On 01/Jun/04, at 19:13, Luca Falavigna wrote:

> File permissions must always permit execution of php pages by web
> servers. And symlink is followed and code executed because web servers
> must have access to that directory and code. We can operate with php
> security options too and obtain the same result but what if we cannot
> modify them? We are uncovered!!!

Agreed, but I think that, in this case, the real problem would be an
insecure configuration of the underlying webserver: any security-aware
administrator should configure it to NOT follow symlinks or, at least,
follow them if and only if the destination file belongs to the same
user (SymLinksIfOwnerMatch directive in Apache).

--
BlueRaven

Did you know that, if you play a Windows 2000 CD backwards,
you will hear the voice of Satan? That's nothing!
If you play it forward, it will install Windows 2000!!!
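
An offline audit for the condition discussed in the reply above, added here as an example and not part of the original message: it walks a document root and lists symlinks whose target is owned by a different user than the link itself, the same comparison SymLinksIfOwnerMatch makes. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


def audit_symlinks(docroot):
    """Return sorted (path, reason) pairs for symlinks under docroot whose
    target is owned by another uid than the link, or cannot be resolved."""
    findings = []
    # followlinks=False: never descend through a link while auditing links.
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            link_uid = os.lstat(path).st_uid        # owner of the link itself
            try:
                target_uid = os.stat(path).st_uid   # owner of the resolved target
            except OSError:
                # Missing target or symlink loop.
                findings.append((path, "unresolvable"))
                continue
            if link_uid != target_uid:
                findings.append(
                    (path, f"owner mismatch: link uid {link_uid}, "
                           f"target uid {target_uid}"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: one regular page, one same-owner link,
    one link whose target does not exist."""
    page = os.path.join(root, "page.php")
    with open(page, "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    os.symlink(page, os.path.join(root, "ok.php"))
    os.symlink(os.path.join(root, "missing.php"),
               os.path.join(root, "broken.php"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        # "/" is usually owned by root, so this link is flagged for other users.
        os.symlink("/", os.path.join(tmp, "outside"))
        for path, reason in audit_symlinks(tmp):
            print(f"{path}: {reason}")
```

Apache's documentation notes that the SymLinksIfOwnerMatch test is subject to race conditions, so a periodic audit like this complements the directive.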

