[PHP-DEV] Bug #14448 Updated: exec()-like calls are done with webserver uid

sander Wed, 12 Dec 2001 03:43:02 -0800

ID: 14448
Updated by: sander
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Bogus
Bug Type: Unknown/Other Function
Operating System: Unix
PHP Version: 4.1.0
New Comment:


Not a bug. Expected behaviour. RTM.
Safemode != suEXEC or something like that.

Previous Comments:
------------------------------------------------------------------------

[2001-12-12 06:17:09] [EMAIL PROTECTED]

When safe_mode is enabled, exec()-like calls are still done with the webserver uid, 
letting users execute any server scripts owned by 'www' (for example).

In the case that php_safe_dir = /usr/local/phpexec:

# chmod 700 /usr/local/phpexec
# chown www.www /usr/local/phpexec

inside i put the following sh script:

#!/bin/sh
#
echo `id`

Now i log in as user 'veins', make a php script with the following:

<? exec("/usr/local/phpexec/id.sh", $value, $return);
   echo $value[0]; ?>

when i go to  ~veins/id.php  i get the following:

uid=67(www) gid=67(www) groups=67(www)


------------------------------------------------------------------------



Edit this bug report at http://bugs.php.net/?id=14448&edit=1


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] Bug #14448 Updated: exec()-like calls are done with webserver uid

Reply via email to