| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3af3d47c1002110814x56594669ie451954463269544@mail.gmail.com> Date: Thu, 11 Feb 2010 17:14:10 +0100 From: Christian Sciberras <uuf6429@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: PHP 5.2.12/5.3.1 session.save_path safe_mode and open_basedir bypass Ah, I see. Another reason not to rely on a broken system ;) I'm no fan of sessions :). On Thu, Feb 11, 2010 at 4:51 PM, Joachim Schipper <joachim@...chimschipper.nl> wrote: > On Thu, Feb 11, 2010 at 03:35:28PM +0100, Christian Sciberras wrote: >> What exactly are the implications of this? >> Surely no one [website] accepts paths. > > Some providers of shared hosting give each user the same uid and > restrict them to their own directories via open_basedir. This breaks > that mechanism (again). > > Joachim > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists