On Fri, Feb 15, 2002 at 08:57:07AM -0500, Noah Berlove <[EMAIL PROTECTED]>
wrote:
> Charlie,
>
> Maybe I'm not reading the question correctly, but how is PHP different in
> this case to Perl? PHP is also installed as a binary on the server
> (/usr/bin/php), so you should be able to write PHP scripts that have
> whatever rights and permissions you want.
One doesn't follow from the other. Setuid Perl programs work because
Perl ships with a wrapper that magically handles setuidness even
though the Linux kernel explicitly ignores the setuid bit on scripts;
there's no equivalent with PHP.
(Even then, the discussion was really about mod_php, where the PHP
code essentially becomes part of the running webserver; mod_perl works
the same way.)
> As long as the script can be run by the web server, it should work.
No, it will be run with the webserver user's privileges.
-Rich
--
------------------------------ Rich Lafferty ---------------------------
Technical Support Engineer, Network Server Solutions Group
Mitel Networks, Ottawa, ON (613) 751-4404
---------------------------- [EMAIL PROTECTED] ------------------------
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
