Full Disclosure mailing list archives
Re: PHP Safedir Restriction Bypass Vulnerabilities
From: Stefan Esser <sesser () php net>
Date: Tue, 18 Oct 2005 23:54:46 +0200
Hello,
In reguads to the the curl, I have just checked all the php curl code this was fixed in 4.3.10 from what i can see, because i wrote a patch to stop the openbase dir in curl until php fixed it, i submited it along time ago but the php dev's were all "blah blah blah 3rd party software blah blah not our problem"
Just because you close one (more) file:// hole with a patch, you do not solve the 3rd party library problem. As long you have CURL compiled with file:// support you can bypass safe_mode/open basedir in PHP. There are enough hidden features in libcurl that allow to feed it with file:// URLs without PHP ever knowing about it. Just face it safe_mode is not safe, was never and will never be. It is simply impossible for an application to put access control restrictions over (hidden) features of 3rd party libraries, that are not exported. And with PHP6 safe_mode, register_globals and all the crap will most probably disappear. Stefan -- -------------------------------------------------------------------------- Stefan Esser sesser () php net Hardened-PHP Project http://www.hardened-php.net/ GPG-Key gpg --keyserver pgp.mit.edu --recv-key 0x15ABDA78 Key fingerprint 7806 58C8 CFA8 CE4A 1C2C 57DD 4AE1 795E 15AB DA78 -------------------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- PHP Safedir Restriction Bypass Vulnerabilities peter MC tachatte (Oct 17)
- Re: PHP Safedir Restriction Bypass Vulnerabilities VeNoMouS (Oct 18)
- Re: PHP Safedir Restriction Bypass Vulnerabilities Stefan Esser (Oct 18)
- Re: PHP Safedir Restriction Bypass Vulnerabilities VeNoMouS (Oct 18)