| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0cdb01c4e627$7c00d980$5746370a@nsp.local>
From: venom at gen-x.co.nz (VeNoMouS)
Subject: Re: PHP and curl open_basedir still bypassable
I got anonyed that the dev php response to this was curl's issue and to turn off curl local file access so here is a hax work around i wrote maybe they will get off there arses and submit something like this in the next release.
in ext/curl/curl.c, add the following to the function "PHP_FUNCTION(curl_init)".
char *newurl;
<this goes after the argc check>
newurl=estrndup(Z_STRVAL_PP(url), Z_STRLEN_PP(url));
if(strncmp(newurl,file://,7)==0)
{
memmove(newurl,newurl+7,strlen(newurl)-7);
newurl[strlen(newurl)-7+1]='\0';
if (php_check_open_basedir(newurl TSRMLS_CC))
{
RETURN_FALSE;
}
}
----- Original Message -----
From: VeNoMouS
To: full-disclosure@...ts.netsys.com
Sent: Monday, December 20, 2004 10:19 AM
Subject: PHP and curl open_basedir still bypassable
As posted in http://www.securitytracker.com/alerts/2004/Oct/1011984.html
the open_basedir bypass still exists in the php 4.3.10 and curl-7.12.2, anyone seen a patch or anything to get solve this issue?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041220/91218181/attachment.html
Powered by blists - more mailing lists