[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] PHP upload/dir permissions

Subject: [cobalt-security] PHP upload/dir permissions
From: "Andy Clyde, oxfordmusic.net" <cobalt-security@xxxxxxxxxxxxxxx>
Date: Tue, 17 Jun 2003 15:08:26 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

i've just had to help a client out with uploading via a PHP script.

i have 'open_basedir' and 'upload_tmp_dir' set on a per site basis in
/etc/httpd.conf but this still wasn't working - the script was defaulting to
/tmp and not /home/sites/siteXX/tmp as it should have been. i eventually
solved this by changing the permissions on /home/sites/siteXX/tmp to 777.
it also seems that i need to chmod 777 all the directories in the path where
the tmp.uploaded.file is to be saved.

this seems a bit dangerous. is there a workround? or is it safe?

cheers

andy

Follow-Ups:
- Re: [cobalt-security] PHP upload/dir permissions
  - From: E.B. Dreger

Prev by Date: Re: [cobalt-security] race condition in kernel/kmod.c
Next by Date: Re: [cobalt-security] PHP upload/dir permissions
Previous by thread: Re: [cobalt-security] race condition in kernel/kmod.c
Next by thread: Re: [cobalt-security] PHP upload/dir permissions

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index