On Thu, Mar 21, 2002 at 10:55:18AM +0100, sesser@php.net wrote: > Hi, > > first of all i want to clearify, that move_uploaded_file isn't breaking > safe_mode restrictions. move_uploaded_file lacked an openbasedir check. > That feature was added on the request of tozz. move_uploaded_file was > able to move files to directories writeable for the apache user because > of some other bug (, that was fixed several days before the bugreport) > that was not within move_uploaded_file but in some other place. > > Beside that: maybe you can tell me where the apache user has write > access to (beside /tmp) on a properly configured system? > This bug only allows to create new files, it is not possible to > write to already existing files. So the whole "security" impact on > a properly configured system is in my eyes that a customer is able > to fill the harddisk. > > > Stefan Esser > /usr/local/apache/proxy on a default apache install. p -- patrick oonk - pine internet - patrick@pine.nl - www.pine.nl/~patrick T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl PGPid A4E74BBF fp A7CF 7611 E8C4 7B79 CA36 0BFD 2CB4 7283 A4E7 4BBF Note: my NEW PGP key is available at http://www.pine.nl/~patrick/ Excuse of the day: bad ether in the cables
