Re: execute php in template [message #175779 is a reply to message #175778] Mon, 24 October 2011 02:30
Jerry Stuckle
On 10/23/2011 9:37 PM, Hans Olo wrote:
> On 10/23/2011 6:38 PM, Jerry Stuckle cried from the depths of the abyss:
>>
>>>> what if someone snuck into
>>>> your code something like:
>>>> system('rm -r /');
>>>
>>> How would someone be able to do that? From the "outside" there's no
>>> access to do this, right?
>>
>> Are you sure? Sony thought so...
>>
>
> Keep in mind that the rm request can only delete files that have the
> same permissions as the httpd user. This is why apache recommends
> creating a bs account (httpd, acache, joeblow, etc.) to use to run the
> httpd server. Almost all stock httpd configs use a bogus user (either
> configged by a package, or a requirement if compiling from source), and
> this wouldn't delete too much except www related files & perhaps some
> config files.
>
> / will only get deleted if the httpd is being run as root

Please read what I said in my first post. And never count on the
process being a bogus user with limited rights.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
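
Added example, not part of the original thread: a small audit a server owner could run to see which files under a directory tree a given account (for instance the one httpd runs as) would be able to remove. It relies on the Unix rule that unlinking a file requires write and search permission on the containing directory, plus the sticky-bit restriction; the function name and the command-line usage are assumptions made for this example.

```python
import os
import stat

def _class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids for this inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def removable_by(root, uid, gids):
    """List files under root that uid could unlink.

    Classic Unix mode bits only: ACLs, capabilities, immutable flags and
    reachability through parent directories are not checked, and uid 0 is
    treated as able to remove everything.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dst = os.lstat(dirpath)
        # unlink() needs write + search (w and x) on the containing
        # directory; the file's own mode bits do not matter.
        can_modify_dir = uid == 0 or (_class_bits(dst, uid, gids) & 3) == 3
        if not can_modify_dir:
            continue
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        for name in filenames:
            path = os.path.join(dirpath, name)
            fst = os.lstat(path)
            # Sticky directory: only the file owner, directory owner or root.
            if sticky and uid not in (0, fst.st_uid, dst.st_uid):
                continue
            hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    import pwd
    import sys
    # Usage (assumed): script.py <directory> <account name>
    root, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    print("\n".join(removable_by(root, pw.pw_uid, gids)))
```

Running it once for the web server account and once for uid 0 shows how much the outcome depends on which user the process actually runs as.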