On 6/26/07, Al Rider <alan@xxxxxxxxxxxxx> wrote:
I think most systems have a /tmp directory above the web dir, so
outsiders can't watch it anyhow.
True, but on an unsecured box, this becomes possible, as Apache
will most likely be running universally as `nobody`, `httpd`,
`apache`, or `daemon` for all scripts, including all web-based scripts
writing to the /tmp directory. This includes session information,
temporary .php files (as Marius requested), et cetera.
Proof of concept:
<?
if(is_dir('/tmp')) {
$handle = opendir('/tmp');
while(False !== ($ls_file = readdir($handle))) {
if(is_file('/tmp/'.$ls_file)) {
echo "==== /tmp/".$ls_file.": ====\n";
$filename = fopen('/tmp/'.$ls_file,"r");
fread($filename,filesize($filename));
echo "==== END ".$ls_file." ====\n";
}
}
}
closedir($handle);
?>
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
