A good start would be to make sure the user your web server is running as
cannot read the shadow file.  Also that the permissions are set properly.

Chris

-----Original Message-----
From: Lou Spironello [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 02, 2001 2:17 PM
To: [EMAIL PROTECTED]
Subject: [PHP-DEV] security issue


<?php $a=`ls -R /`; echo $a; ?>
<?php $a=`cat /etc/shadow`; echo $a; ?>
etc..
Produces listing of the entire system and dump of the password file.

This is a security hole.

How can I prevent this?

Lou.





--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
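
The check suggested in the reply above, as an added example that is not part of the original thread: given an account name and a file, it decides from the file's mode bits and ownership whether that account is granted read access. The function names and the account name www-data are assumptions; ACLs and capabilities are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). Evaluates classic Unix mode bits only;
# ACLs, capabilities and directory search permission are out of scope.

# can_read FILE UID "GID GID ..." -> 0 readable, 1 not readable, 2 cannot stat
can_read() {
    cr_file=$1; cr_uid=$2; cr_gids=$3
    # ls -ldn prints: mode links owner-uid group-gid ...
    cr_line=$(ls -ldn -- "$cr_file" 2>/dev/null) || return 2
    set -- $cr_line
    cr_mode=$1; cr_owner=$3; cr_group=$4
    # uid 0 bypasses file mode bits
    if [ "$cr_uid" -eq 0 ]; then return 0; fi
    # Exactly one permission class applies: owner, else group, else other
    if [ "$cr_uid" -eq "$cr_owner" ]; then
        cr_bit=$(printf %s "$cr_mode" | cut -c2)
    else
        cr_bit=$(printf %s "$cr_mode" | cut -c8)
        for cr_g in $cr_gids; do
            if [ "$cr_g" -eq "$cr_group" ]; then
                cr_bit=$(printf %s "$cr_mode" | cut -c5)
                break
            fi
        done
    fi
    [ "$cr_bit" = r ]
}

# audit_file USER [FILE]: report whether USER is granted read access to FILE
audit_file() {
    au_user=$1; au_file=${2:-/etc/shadow}
    au_uid=$(id -u "$au_user") || return 2
    au_gids=$(id -G "$au_user") || return 2
    au_rc=0
    can_read "$au_file" "$au_uid" "$au_gids" || au_rc=$?
    case $au_rc in
        0) echo "FAIL: $au_user can read $au_file"; return 1 ;;
        1) echo "OK: $au_user cannot read $au_file"; return 0 ;;
        *) echo "ERROR: cannot stat $au_file"; return 2 ;;
    esac
}

# Example: audit_file www-data    (www-data is an assumed account name)
```

Run `audit_file` with the account the web server actually runs as; a FAIL result means the file's group or other bits, or the account's group memberships, need tightening.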

