lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: venom at gen-x.co.nz (VeNoMouS)
Subject: Re: PHP and curl open_basedir still bypassable

I got anonyed that the dev php response to this was curl's issue and to turn off curl local file access so here is a hax work around i wrote maybe they will get off there arses and submit something like this in the next release.

in  ext/curl/curl.c, add the following to the function "PHP_FUNCTION(curl_init)".

char *newurl;

<this goes after the argc check>

newurl=estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
if(strncmp(newurl,file://,7)==0)
    {
    memmove(newurl,newurl+7,strlen(newurl)-7);
    newurl[strlen(newurl)-7+1]='\0';
    if (php_check_open_basedir(newurl TSRMLS_CC))
        {
        RETURN_FALSE;
        }
    }
  ----- Original Message ----- 
  From: VeNoMouS 
  To: full-disclosure@...ts.netsys.com 
  Sent: Monday, December 20, 2004 10:19 AM
  Subject: PHP and curl open_basedir still bypassable


  As posted in http://www.securitytracker.com/alerts/2004/Oct/1011984.html

  the open_basedir bypass still exists in the php 4.3.10 and curl-7.12.2, anyone seen a patch or anything to get solve this issue?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041220/91218181/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ