[16552] in bugtraq


FW: [PHP-DEV] FW: (SRADV00001) Arbitrary file disclosure

daemon@ATHENA.MIT.EDU (Signal 11)
Mon Sep 4 21:21:35 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NEBBKPCNALMEJENIHFBIGEGGCAAA.signal11@mediaone.net>
Date: Mon, 4 Sep 2000 12:10:58 -0500
Reply-To: Signal 11 <signal11@MEDIAONE.NET>
From: Signal 11 <signal11@MEDIAONE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Resending, last one bounced...

-----Original Message-----
From: Rasmus Lerdorf [mailto:rasmus@php.net]
Sent: Monday, September 04, 2000 12:34 AM
To: Signal 11
Cc: php-dev@lists.php.net
Subject: Re: [PHP-DEV] FW: (SRADV00001) Arbitrary file disclosure through PHP file upload


> This just hit bugtraq. I'm formulating a reply presently, and will
> cc you in on it. I think the author may be getting ahead of himself.
> I still need to backpedal through the bug lists and see if this hasn't
> been logged before..

He is a little bit confused.  This has nothing to do with register_globals
and turning off register_globals does nothing to fix this issue.  I
committed a patch which fixes the problem, but we will probably refine it.

My suggestion is for people to simply check their $userfile_name variable
and make sure they are copying a file from their tmp directory and nowhere
else.  And of course, your web server user id should not have access to
sensitive files on your system anyway.

-Rasmus

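A handler that applies Rasmus's suggestion, written as an added example for this archive page rather than code taken from the thread or from PHP's own sources: it copies a file only when PHP itself created that file in the upload temp directory. is_uploaded_file() and move_uploaded_file() are real PHP built-ins (added after this thread); the form field name "userfile" and the destination directory are assumptions.

```php
<?php
// Added example, not from the original thread. Accepts only a file that PHP
// placed in the upload temp directory, so a client-supplied path to some other
// file on the server is never copied.
declare(strict_types=1);

const UPLOAD_DEST = '/var/www/uploads'; // assumed destination, outside the docroot

/**
 * True only if $tmpPath resolves to a regular file inside $tmpDir.
 * realpath() collapses ".." and symlinks, so a value pointing outside the
 * temp directory fails the prefix test even if it is disguised.
 */
function isInsideUploadTmpDir(string $tmpPath, string $tmpDir): bool
{
    $realTmpDir = realpath($tmpDir);
    $realPath   = realpath($tmpPath);
    if ($realTmpDir === false || $realPath === false || !is_file($realPath)) {
        return false;
    }
    $prefix = rtrim($realTmpDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($realPath, $prefix, strlen($prefix)) === 0;
}

function handleUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error ' . (int) $file['error']);
    }
    $tmpPath = (string) $file['tmp_name'];

    // Primary check: is_uploaded_file() consults PHP's own record of the
    // paths it created for this request, so nothing the client sends can
    // make an unrelated server file pass. The directory check is defence in
    // depth for the same rule: copy from the tmp directory and nowhere else.
    $tmpDir = ini_get('upload_tmp_dir') ?: sys_get_temp_dir();
    if (!is_uploaded_file($tmpPath) || !isInsideUploadTmpDir($tmpPath, $tmpDir)) {
        throw new RuntimeException('refusing to copy a path that is not an upload');
    }

    // The client-supplied name is not used for the destination path either.
    $dest = UPLOAD_DEST . '/' . bin2hex(random_bytes(16));
    if (!move_uploaded_file($tmpPath, $dest)) {
        throw new RuntimeException('move_uploaded_file failed');
    }
    return $dest;
}

if (isset($_FILES['userfile'])) {
    echo handleUpload($_FILES['userfile']), "\n";
}
```

As Rasmus notes, this check is separate from register_globals; it also does nothing to protect sensitive files the web server user can read, which remains a matter of file permissions.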