Jochem Maas wrote:
> Andrew wrote:
>> Hi,
>>
>
> ....
>
>> As an example of the attack...
>> $ whoami
>> www-data
>
> isn't the whole point of suexec/PHP/FastCGI that the local user
> has no access to the www-data account ... suexec switches to the
> user's account from the webserver account not the other way around.
>
> so the attack is moot unless there is a completely different security
> hole that allows the user to run stuff as www-data.
>
> or am I being thick? ... could well be, socialists are renowned
> for their stupidity ... just look at the eminent socialist George W.
> Bush.
>
> so if I am being thick ... I would appreciate an explanation
> as to how the webuser account manages to run stuff in the context of
> the webserver account, if you have the inclination.
>
> PS - that last bit about socialism is off topic
> PPS - I don't think I'm much of a socialist
> PPPS - I'm sure I do suffer from stupidity now and again
> PPPPS - but not as much as the guy whose world-view manages to
> put Dubya into a socialist pigeonhole.

Haha!

-the guy (I assume)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php