Full Disclosure mailing list archives
Re: Apache suEXEC privilege elevation / information disclosure
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 11 Aug 2013 07:52:05 -0700
for doing this features in httpd.conf you can use AllowOverride None instead of AllowOverride all
AllowSymlinks is a red herring here (hardlinks should do, unless you have stuff partitioned in a very thoughtful way, which most don't), similarly to suexec. In general, sharing web hosting providers that allow shell access or scripting are pretty much boned in a myriad of ways.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/