On Tuesday 23 October 2007 09:30:01 Andy Green wrote: > > But it seems to me it's not where the real problems are for servers. > The real problems are in PHP or other scripts that accept user input as > PHP code or database queries one way or another, and it won't really > help since the attacker is running the properly signed stuff. There's a > lot of bad things the attacker can do with PHP commands, shell commands, > alias, config files, etc that all run in 'authorized' contexts. > Maybe I'm taking wrong the point but, this could be avoid by using php open basedir, right? Manuel -- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
