On 10/21/06, Jochem Maas <jochem@xxxxxxxxxxxxx> wrote:
> chris smith wrote:
> > On 10/21/06, Ivo F.A.C. Fokkema <I.F.A.C.Fokkema@xxxxxxx> wrote:
> >> On Fri, 20 Oct 2006 23:24:14 +1000, chris smith wrote:
> >>
> >> > On 10/20/06, Ivo F.A.C. Fokkema <I.F.A.C.Fokkema@xxxxxxx> wrote:
> ....
> >> >>
> >> >> To my experience, apache (with PHP running as www-data or nobody or
> >> >> whatever) will not be able to create files or folders without user
> >> >> intervention (chmod, chown), thus no updating and removing is possible
> >> >> either by default.
> >> >
> >> > php running through apache:
> >> >
> >> > <?php
> >> > mkdir('/path/to/dir');
> >> > ?>
> >> >
> >> > Making that in a "shared" location will allow *any* domain to write to
> >> > it, read from it or delete it (forget about possible open_basedir
> >> > restrictions).
> >>
> >> I see your point and I agree this is an issue, but given the
> >> relatively small incidence of such a situation, I personally would not say
> >> this is a much bigger problem than a PHP file being able to remove all
> >> other files owned by the same owner (i.e. usually the whole site at
> >> least)...
> >
> > Running it as separate users removes safe-mode problems (the file
> > uploaded will be as "www" or "nobody", the script trying to access it
> > is "user"), stops you having to have '777' type permissions on "temp"
> > or "data" directories, "user a" can't do anything to "user b"s files
> > and so on.
>
> but php and the webserver now has full rights over all your files not just a few
> of your designated data files.
>
> e.g. exec('rm ~/.ssh/*'); // nice

As nice as exec('find / -type f | xargs rm -f'); as a shared user ;)

Which one does more damage?

--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
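
The trade-off argued in this thread, as an added example that is not part of the original messages: a Python audit sketch that works out, from Unix mode bits alone, which files of a site a PHP process could overwrite or delete when it runs as the site owner versus as a shared web-server user. The sample tree is constructed, and the function names and the uid `owner + 1` standing in for the shared user are assumptions.

```python
import os, stat, tempfile

def allowed(st, uid, gids, want):
    """want is an rwx mask (2=w, 1=x); pick owner/group/other bits as the kernel does."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & want == want

def exposure(root, uid, gids=frozenset()):
    """Paths under root that identity (uid, gids) could overwrite or delete.
    Mode bits only: ignores ACLs, root, open_basedir and safe_mode."""
    overwrite, delete = set(), set()
    for dirpath, _dirs, files in os.walk(root):
        dst = os.stat(dirpath)
        dir_wx = allowed(dst, uid, gids, 0o3)      # unlink needs w+x on the parent
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            rel = os.path.relpath(path, root)
            if stat.S_ISREG(st.st_mode) and allowed(st, uid, gids, 0o2):
                overwrite.add(rel)
            # a sticky directory limits deletion to the file's or directory's owner
            if dir_wx and (not sticky or uid in (st.st_uid, dst.st_uid)):
                delete.add(rel)
    return overwrite, delete

def build_demo_site():
    """Constructed sample tree, owned by whoever runs this script."""
    root = tempfile.mkdtemp(prefix="site-")
    layout = [(".", 0o755, "index.php", 0o644),
              (".ssh", 0o700, "authorized_keys", 0o600),
              ("data", 0o777, "upload.dat", 0o666),      # the '777' data directory
              ("tmp", 0o1777, "sess_demo", 0o600)]       # sticky, like /tmp
    for d, dmode, f, fmode in layout:
        os.makedirs(os.path.join(root, d), exist_ok=True)
        path = os.path.join(root, d, f)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, fmode)
        os.chmod(os.path.join(root, d), dmode)
    return root

if __name__ == "__main__":
    root = build_demo_site()
    owner = os.stat(root).st_uid
    for label, uid in (("PHP as site owner", owner), ("PHP as shared user", owner + 1)):
        over, dele = exposure(root, uid)
        print(f"{label}: overwrite={sorted(over)} delete={sorted(dele)}")
```

Run against a real document root, `exposure()` gives the per-identity list to compare before choosing between a shared web-server user and per-user PHP.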