Bugtraq mailing list archives

Re: [BUGTRAQ] php breaks safe mode


From: "Sander Steffann" <steffann () nederland net>
Date: Fri, 6 Jul 2001 10:25:13 +0200

Hi,

Usually the Webserver is able to read the sources of the PHP
scripts. PHP scripts may include passwords for database access.
Since PHP is usually mod_php and not suexec'd, this seems to be a
common problem. With account to such databases really important
damage could be done!

It's possible to protect yourself against this. PHP has a so-called
open_basedir restriction, with which you can specify the directories that a
script is allowed to access. You can set a different restriction for every
VirtualHost.

Sander.
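
The per-VirtualHost restriction described in the message above, as an added example that is not part of the original post. It assumes Apache with mod_php; the hostnames and directory paths are constructed placeholders.

```apache
# Constructed example: hostnames and paths are placeholders.
# Each site's PHP scripts may only open files under that site's own tree,
# so a script on one site cannot read another site's database passwords.

<VirtualHost *:80>
    ServerName customer-a.example.com
    DocumentRoot /var/www/customer-a/htdocs

    # php_admin_value (unlike php_value) cannot be overridden from
    # .htaccess or ini_set(), so the site's own scripts cannot lift it.
    # Trailing slash: older PHP versions match the value as a string prefix,
    # so "/var/www/customer-a" would also admit "/var/www/customer-ab".
    php_admin_value open_basedir "/var/www/customer-a/"

    # Keep the upload directory inside the permitted tree so that
    # file uploads keep working under the restriction.
    php_admin_value upload_tmp_dir "/var/www/customer-a/tmp"
</VirtualHost>

<VirtualHost *:80>
    ServerName customer-b.example.com
    DocumentRoot /var/www/customer-b/htdocs

    # A different restriction for this VirtualHost.
    php_admin_value open_basedir "/var/www/customer-b/"
    php_admin_value upload_tmp_dir "/var/www/customer-b/tmp"
</VirtualHost>
```

Because mod_php still runs every site as the web server user, this restriction is enforced by PHP itself rather than by file system permissions.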


