lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 4 Apr 2003 21:20:13 +0100
From: Jon Ribbens <jon+bugtraq@...quivocal.co.uk>
To: bugtraq@...urityfocus.com
Subject: Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function


Javi Lavandeira <javi@....co.jp> wrote:
> You seem to be forgetting about PHP's safe_mode, disable_functions
> and open_basedir directives. If configured properly, a user in a
> server with PHP support should not be able to execute commands, read
> other users' files or do anything outside his directory. Even though
> PHP is running with the privileges of the web server, the user
> doesn't have these privileges (again, if properly configured). Many
> ISPs configure PHP in this way.
> 
> *IF* the overflow really exists *AND* is exploitable, I would be
> very worried, because *THEN* users could gain the privileges of the
> web server and do things they shouldn't be doing.

Then you should be very worried. Back in September 2000, Zeev Suraski
(PHP developer and co-author of Zend, the PHP4 scripting engine) said:
(http://marc.theaimsgroup.com/?l=php-dev&m=96815200329214)

> safe mode is indeed falsely advertised as being safe.  It's very
> likely to contain bugs. As far as I'm concerned, it should be
> clearly advertised as something that would prevent the casual user
> from doing stuff he's not supposed to do, but isn't suitable for
> protecting against hackers.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ