securing PHP (was: Kernel Crash Bug????)

To: debian-security@lists.debian.org
Subject: securing PHP (was: Kernel Crash Bug????)
From: Rudy Gevaert <rudy@zeus.UGent.be>
Date: Tue, 15 Jun 2004 10:35:33 +0200
Message-id: <[🔎] 20040615083533.GB3865@zeus.UGent.be>
In-reply-to: <[🔎] 20040615082333.GA26472@hexstream>
References: <[🔎] 20040614165754.42940.qmail@web50407.mail.yahoo.com> <[🔎] 20040615072441.GA28772@zeus.UGent.be> <[🔎] 200406151752.18836.russell@coker.com.au> <[🔎] 20040615082333.GA26472@hexstream>

On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote:
> On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote:

> > Does PHP allow executing arbitary binaries?
> > 
> [snip]
> 
> Yes, unless in your php.ini you have something along the lines of:
> disable_functions = system,passthru,shell_exec,popen,proc_open

Can somebody point me to some documentation about securing PHP?

-- 
Rudy Gevaert                rudy@zeus.UGent.be
Web page                    http://www.webworm.org
Schamper sysadmin           http://www.schamper.ugent.be
GNU/Linux user and Savannah hacker http://savannah.gnu.org
On-line, adj.:
        The idea that a human being should always be accessible to a computer.

Reply to:

Follow-Ups:
- Re: securing PHP (was: Kernel Crash Bug????)
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
- Re: securing PHP (was: Kernel Crash Bug????)
  - From: Hideki Yamane <henrich@iijmio-mail.jp>

References:
- Kernel Crash Bug????
  - From: peace bwitchu <peacebwitchu@yahoo.com>
- Re: Kernel Crash Bug????
  - From: Rudy Gevaert <rudy@zeus.UGent.be>
- Re: Kernel Crash Bug????
  - From: Russell Coker <russell@coker.com.au>
- Re: Kernel Crash Bug????
  - From: David Ramsden <david@hexstream.eu.org>

Prev by Date: Re: may CAN-2004-041[678] affect on woody?
Next by Date: Re: securing PHP (was: Kernel Crash Bug????)
Previous by thread: Re: Kernel Crash Bug????
Next by thread: Re: securing PHP (was: Kernel Crash Bug????)
Index(es):
- Date
- Thread