Re: securing PHP (was: Kernel Crash Bug????)
Hi,

"Tue, 15 Jun 2004 10:35:33 +0200", "Rudy Gevaert" "securing PHP (was: Kernel Crash Bug)"
>Can somebody point me to some documentation about securing PHP?

Not documentation but a patch for PHP, "Hardened-PHP".
http://www.hardened-php.net/

--
Regards,
Hideki Yamane mailto:henrich @ iijmio-mail.jp

Re: securing PHP (was: Kernel Crash Bug????)
On Tue, Jun 15, 2004 at 11:20:35AM +0200, Jeroen van Wolffelaar wrote:
> On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote:
> > On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote:
> > > On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote:
> > > > Does PHP allow executing arbitrary binaries?
> > > >
> > > [snip]
> > >
> > > Yes, unless in your php.ini you have something along the lines of:
> > > disable_functions = system,passthru,shell_exec,popen,proc_open
> >
> > Can somebody point me to some documentation about securing PHP?
>
> http://php.net/security, a better solution to the above mentioned
> problem is 'safe_mode', which is intended to block all dangerous file
> access, executing, etc.
>

See also:
http://www.pookey.co.uk/php-security.xml
http://www.pookey.co.uk/php-suphp.xml

Regards,
David.
--
 .''`.    David Ramsden <[EMAIL PROTECTED]>
: :'  :   http://david.hexstream.eu.org/
`. `'`    PGP key ID: 507B379B on wwwkeys.pgp.net
  `-      Debian - when you have better things to do than to fix a system.

Re: securing PHP (was: Kernel Crash Bug????)
On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote:
> On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote:
> > On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote:
> > > Does PHP allow executing arbitrary binaries?
> > >
> > [snip]
> >
> > Yes, unless in your php.ini you have something along the lines of:
> > disable_functions = system,passthru,shell_exec,popen,proc_open
>
> Can somebody point me to some documentation about securing PHP?

http://php.net/security, a better solution to the above mentioned
problem is 'safe_mode', which is intended to block all dangerous file
access, executing, etc.

--Jeroen

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl
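
Added example, not part of any message in this thread: a small Python audit that reads php.ini text and lists the program-execution functions that the effective disable_functions directive leaves enabled, run here on the directive quoted above. The EXEC_FUNCTIONS list, the function names and the sample ini text are assumptions of the example.

```python
import re

# PHP functions that start an external program. This list is an assumption of
# the example (core functions plus pcntl_exec); it is not from the thread and
# is not claimed to be exhaustive.
EXEC_FUNCTIONS = {"exec", "passthru", "pcntl_exec", "popen",
                  "proc_open", "shell_exec", "system"}


def disabled_functions(ini_text):
    """Return the names listed by the effective disable_functions directive."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, comment, or section header such as [PHP]
        key, sep, rest = line.partition("=")
        if sep and key.strip() == "disable_functions":
            # Drop a trailing ';' comment and optional quotes. A later
            # assignment replaces an earlier one, so keep overwriting.
            value = rest.split(";", 1)[0].strip().strip("\"'")
    # Names are compared exactly as written, the conservative choice for an
    # audit: anything not spelled like the entry in EXEC_FUNCTIONS is reported.
    return {name for name in re.split(r"[,\s]+", value) if name}


def audit(ini_text):
    """Return the exec-capable functions the ini text leaves enabled, sorted."""
    return sorted(EXEC_FUNCTIONS - disabled_functions(ini_text))


# Constructed sample built around the directive quoted in the thread.
SAMPLE_INI = """\
[PHP]
; constructed sample, not a real server's php.ini
disable_functions = system,passthru,shell_exec,popen,proc_open
"""

if __name__ == "__main__":
    for name in audit(SAMPLE_INI):
        print("still enabled:", name)
```

To audit a real configuration, pass the contents of the php.ini file the server actually loads to audit().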