php5: PHP session.save_path vulnerability

Miroslav Lachman Thu, 10 Sep 2009 04:40:28 -0700

The following reply was made to PR ports/138698; it has been noted by GNATS.


From: Miroslav Lachman <000.f...@quip.cz>
To: bug-follo...@freebsd.org,  andzi...@volt.iem.pw.edu.pl
Cc:  
Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability
Date: Thu, 10 Sep 2009 13:14:32 +0200

 I don't know what you are trying to solve.
 
 If PHP runs under user www (Apache), it can still read the content of 
 the directory.
 If you want to disallow access to sessions of different domains 
 (VirtualHosts), you can do it by using different session.save_path for 
 each domain.
 
 In context of VirtualHost for www.domain1.tld:
      php_admin_value    session.save_path    /web/www.domain1.tld/tmp
 
 
 In context of VirtualHost for www.domain2.tld:
      php_admin_value    session.save_path    /web/www.domain2.tld/tmp
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: ports/138698: lang/php5: PHP session.save_path vulnerability

Reply via email to