[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Attack using php+apache

I recommend using SuPHP to avoid run-as-apache problems:

"suPHP is a tool for executing PHP scripts with the permissions of their
owners. It consists of an Apache module (mod_suphp) and a setuid root
binary (suphp) that is called by the Apache module to change the uid of
the process executing the PHP interpreter. "

Domonkos Czinke

-----Original Message-----
From: Adam ENDRODI [mailto:borso@vekoll.saturnus.vein.hu] 
Sent: Sunday, November 16, 2003 12:33 PM
To: debian-security
Subject: Re: Attack using php+apache

On Sat, Nov 15, 2003 at 10:43:14PM -0500, Alex J. Avriette wrote:
> On Sat, Nov 15, 2003 at 08:11:34PM -0600, Tom Goulet (UID0) wrote:
> > If you have register globals off *or* safe mode on, this particular
> > exploit is useless.
> > If you had register globals on and safe mode off then he could run
> > arbitrary programs as your Apache user.  It's possible he could run
> > local root exploiting program, but that's not as likely.
> It really irritates me that people continue to use this when the
> php.ini file repeatedly warns (no, begs) you not to.

FWIW, having register globals off sometimes gives a false sense
of security.  Recently, I've discovered that PHP-Nuke just seems
to work well with this setting, because it circumventes it by
calling import_request_variables('GPC').  I'm less than happy
about PHP.


1024D/37B8D989 954B 998A E5F5 BA2A 3622  82DD 54C2 843D 37B8 D989      
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact

Reply to: