Re: [Full-disclosure] Apache suEXEC privilege elevation / inform
--vEDXpVM9D0Pn4UaLuvOl7qA38jn7sCv9t
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Am 13.08.2013 21:36, schrieb Stefan Kanthak:
>> *define what is secure* and make sure you define it by context
>>
>> unlink('file_my_script_wrote'); is fine
>=20
> No, its UNSAFE!
> The standard use case of PHP is "preprocessor for HTTP demon".
> There is ABSOLUTELY no need to allow the preprocessor to unlink a file.=
come back to reality
the standard usecase of PHP is develop WEB-APPLICATIONS which are
typically deal with file-uploads and such things, you can whine
about it but *that is* the usecase of PHP
>> unlink($_GET['what_ever_input']): is a security hole
>=20
> No, not necessarily. The user who can run
>=20
> $ php -r "unlink($_GET['what_ever_input']);"
>=20
> can also run
>=20
> $ rm "$SOMEFILE"
if you would have a clue what are you speaking about you
would know what $_GET is - hint: it has nothing to do with a terminal
> OTOH: the user who can instruct his web browser to fetch
> <http://example.org/index.html> is not able to unlink $SOMEFILE by
> calling "rm".
wow - without you explaining the world that statically html pages
are safe we would go down - genius for that you do not need suEXEC,
perl, PHP or whatever at all
>> so do we now disable unlink();
>=20
> Not WE, but the developer.
> All functions which are not used in the typical operating
> environment of the resp. program (see above) have to be turned
> off by default. "file handling" is NONE of PHPs typical operations!
why do people which never wrote a serious web-application
not simply shut up in this thread?
--vEDXpVM9D0Pn4UaLuvOl7qA38jn7sCv9t
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlIKj8cACgkQhmBjz394Anne/ACeKGRj2lmH2XoVz1dWB3NYqS0g
R+UAnipAm4+N9KrWIoL5fH2//pfwKC89
=7Q0y
-----END PGP SIGNATURE-----
--vEDXpVM9D0Pn4UaLuvOl7qA38jn7sCv9t--
討論串 (同標題文章)
完整討論串 (本文為第 31 之 32 篇):