> >> ... and I am -- A shared host server that is. > > > > Now I'm not sure on this, I haven't tested it. Has anyone? > > Is this particular vulnerability only in existence when the server is > pretty > open? I mean, on my particular host, I can't FTP to anything outside my > docroot, and I can't use SSH, telnet, etc.
That's for you, but when you run a PHP script, you run it as user Apache, www, nobody, etc...however your system is set up (if PHP is a module). > phpinfo() says my session.save-path is /tmp -- since (in theory) I can't > get > the files via telnet, FTP or HTTP, the only option I can think of would be > another user on the host gaining access to it via a PHP script... which > I'm > not sure can be done, and can't really test, because I wouldn't know how > to > do it. Yes, the attack could only come from someone on the same server. That's why dedicated servers are preferred and why safe_mode is used on virtual aervers. Safe_mode may protect the sessions, too, not sure. <? $_SESSION['Logged_On'] = 1; $_SESSION['Admin'] = 1; $s = serialize($_SESSION); $fp = fopen("/tmp/bad_session.file","w"); fwrite($fp,$s); fclose($fp); ?> http://www.yoursite.com?PHPSESSID=bad_session I don't have a virtual server environment to actually test this out with, though...and it would require a lot of work from the hacker...but what else do they have to do. Get a dedicated server...they really aren't that expensive anymore. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php