
Re: [cobalt-security] php security



> This is a serious issue... I have a php script which lets me navigate the
> entire hard disk in a cobalt raq3. I have sent it to cobalt security
> people... but they just didn't say a word about it

Welcome to the wonderful world of Unix! A user is supposed to be able to do
that unless you specifically stop it.

You may want to try setting safe_mode on in php.ini. This restricts a php
script to only open files owned by the same owner. I believe this is what
cgi-wrap does with CGIs?

Good luck
David Garcia Watkins
dgw@xxxxxxxxxx