Re: SECURITY HOLE in MySQL module in PHP
Hello!
Sorry. My mistake.
BTW, this is serios bug exactly in *php*, because *php* allow mysql
library to access files that should be hidden for user.
Very strange that most users think that this is mysql bug.
This is *php* bug cause *php* introduce safe mode, so *php* must watch
that this feature works well. I think php-mysql module should check owner
and permissions for files that trying to be uploaded, and deny request
if safe mode restrictions oblige it.
BTW, maybe the most right way is to do checking file permissions in the
ld-preloaded "updated" library that replaces standard "open" (and so on)
functions? So, safe-mode restrictions will be applied to all modules and
all non-suid sub-programs.
Best regards,
Dmitry N. Hramtsov
On Thu, 7 Feb 2002, Noel Koethe wrote:
> On Don, 07 Feb 2002, Dmitry N. Hramtsov wrote:
>
> > As I can see this bug already fixed (Status: Closed) in PHP:
> > http://bugs.php.net/bug.php?id=15375,
> > so we should just wait for updated package from maintainer.
>
> Maybe its a good idea to read the bug and why it is closed:
>
> --8<--
> [5 Feb 9:53am] zak@php.net
>
> Verified that the exploit allows any file readable by the
> MySQL server to be viewed via this technique. Note that
> forbidding the MySQL user CREATE permission does make the
> exploit less convenient for the attacker.
>
> The MySQL dev team is looking at ways to reduce this risk
> via MySQL permission behavior in the server.
>
> Given Rasmus' feedback on the issue, I am closing this as
> a PHP bug. Hopefully, the MySQL dev team should be able
> eliminate or reduce this risk. If we can't completely
> resolve it, I will re-examine this bug.
>
> --zak@[mysql|php].com
> --8<--
>
>
> --
> NoХl KЖthe
>
>
>
>
>
>
>
Reply to: