Security hole?
I have test this function in one domain and I can see the sessions contents for all domains. How can I prevent this?
PHP Code:
function f_ls(){
$command = "ls -1 /tmp/sess_*";
if ($proc = popen("($command)2>&1","r")) {
while (!feof($proc)) $contents .= fgets($proc, 1000);
}
pclose($proc);
return explode("\n",$contents);
}
use php safemode or disable certain functions.
Regards,
Brent
disable_functions
Ok... implemented disable_functions with popen.
disable_functions =dl,exec,passthru,popen,shell_exec,system
I think is more secure now but safemode will be the best solution.
Thanks!
How can I search in /home directory php files with this function? I want to know how many people will have problems after disable this function in php. Thanks!
open_basedir Protection
Hello again, why the php open_basedir Protection doesn't prevents users from opening files outside of their home directory with php like /tmp??
Because you need to be able to access temporary files from php scripts. The problem you're seeing is a result of running php without phpsuexec enabled and all sessions are owned by the nobody user. The safest way to prevent this type of access is to use phpsuexec, though it may break some scripts. Then it's up to you to trade-off security with usability. All my servers always have phpsuexec enabled and customers have to work around it.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
LinkBack URL
About LinkBacks
Reply With Quote