Re: PHP3 safe_mode and popen()

To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject: Re: PHP3 safe_mode and popen()
From: David TILLOY <d.tilloy@xxxxxxx>
Date: Tue, 4 Jan 2000 23:51:33 +0100
Approved-by: aleph1@SECURITYFOCUS.COM
Delivered-to: bugtraq@lists.securityfocus.com
Delivered-to: BUGTRAQ@securityfocus.com
In-reply-to: <20000103224740.16223@white.koehntopp.de>
References: <20000103224740.16223@white.koehntopp.de>
Reply-to: David TILLOY <d.tilloy@xxxxxxx>
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>

Kristian Koehntopp [kris@xxxxxxxxxxxx] a écrit:
> PHP3 (http://www.php.net) is a scripting language used in many
> webhosting setups. Often in hosting setups so called "safe_mode"
> is enabled, which restricts the user in many ways. For example,
> in safe_mode you are supposed to be able to execute only
> programs from a safe_mode_exec_dir, if one is defined. Within
> that directory there should be only a restricted command set
> that is considered safe.

	[.../...]
	
	Right... Your patch seems to work only with php-3.0.12.
	I attach modified version for php-3.0.13.
	
dav.


--
David TILLOY - Chef de projets - <d.tilloy@xxxxxxx>
Neuronnexion (nnx) - 19/21, rue des Augustins - F-80000 Amiens
Voice (+33 3).22.71.61.90 - Fax (+33 3).22.71.61.99

Attachment Converted: "d:\apps\e-mail\eudorapro\attach\php_popen-3.0.13.patch"

Follow-Ups:
- Re: PHP3 safe_mode and popen()
  - From: Thomas Köhler
- Re: PHP3 safe_mode and popen()
  - From: Kristian Koehntopp

References:
- PHP3 safe_mode and popen()
  - From: Kristian Koehntopp

Prev by Date: Re: Hotmail security hole - injecting JavaScript using <IMGLOWSRC="javascript:....">
Next by Date: The WebTV Email Exploit
Previous by thread: PHP3 safe_mode and popen()
Next by thread: Re: PHP3 safe_mode and popen()
Index(es):
- Date
- Thread