Re: move_uploaded_file breaks safe_mode restrictions in PHP

[sesser () php net]

On Thu, Mar 21, 2002 at 03:40:08PM +0100, HostDemon Internet Services wrote:
> 'data' directories for users who user text files for storing and 
> retrieving information for use with PHP?
> Like, hit counters or something like that...

Aha, and what sense do such dirs have when the php scripts arent allowed
to create/open/modify data in those directories because of safe_mode?
And if you are talking about Customer X writing to the dir of Customer Y
than it is again your configuration problem. An isp admin once said
he solves this problem by having the document roots at unguessable 
positions: ex.:   /domains/[secret-random]/domain1
/domains/[another-secret]/domain2
...


> ISPs running patches that let php run as the user owning the script

Such a configuration is braindead. It will allow an attacker that is
able to inject commands to deface the webpage, because index.php is
automaticly writeable for all php scripts.
On the oother hand this config decreases the impact of the move_upload...
bug because the ISP knows exactly what customer filled the hd.
They can remove the bad guy. And quotas for the specific user will
be lower, so it decreases the diskspace that can be filled with garbage.


Stefan Esser