Bugtraq mailing list archives

Re: PHP3 safe_mode and popen()

From: d.tilloy () NNX COM (David TILLOY)
Date: Tue, 4 Jan 2000 23:51:33 +0100


Kristian Koehntopp [kris () KOEHNTOPP DE] a Ã©crit:

PHP3 (http://www.php.net) is a scripting language used in many
webhosting setups. Often in hosting setups so called "safe_mode"
is enabled, which restricts the user in many ways. For example,
in safe_mode you are supposed to be able to execute only
programs from a safe_mode_exec_dir, if one is defined. Within
that directory there should be only a restricted command set
that is considered safe.


        [.../...]
        
        Right... Your patch seems to work only with php-3.0.12.
        I attach modified version for php-3.0.13.
        
dav.


--
David TILLOY - Chef de projets - <d.tilloy () nnx com>
Neuronnexion (nnx) - 19/21, rue des Augustins - F-80000 Amiens
Voice (+33 3).22.71.61.90 - Fax (+33 3).22.71.61.99


<HR NOSHADE>
<UL>
<LI>text/plain attachment: php_popen-3.0.13.patch
</UL>

Current thread:

PHP3 safe_mode and popen() Kristian Koehntopp (Jan 03)
- FWD: Redhat advisory Alfred Huger (Jan 04)
  - Re: FWD: Redhat advisory (RPM --upgrade/-U vs. --freshen/-F) Peter W (Jan 04)
- Re: PHP3 safe_mode and popen() David TILLOY (Jan 04)
  - Re: PHP3 safe_mode and popen() Thomas Köhler (Jan 05)
  - CuteFTP saved password 'encryption' weakness Nick FitzGerald (Jan 05)
    - Re: CuteFTP saved password 'encryption' weakness Brian Kifiak (Jan 05)
  - Handspring Visor Network HotSync Security Hole Jay C Austad (Jan 05)
    - Re: Handspring Visor Network HotSync Security Hole Jim Frost (Jan 06)
    - Re: Handspring Visor Network HotSync Security Hole Chris Adams (Jan 07)
    - Re: Handspring Visor Network HotSync Security Hole Jason Spence (Jan 06)
  - Re: PHP3 safe_mode and popen() Kristian Koehntopp (Jan 06)
- [rootshell] Security Bulletin #27 Kit Knox (Jan 04)