[horde] calls to popen()
vilius at lnk.lt
Sat Feb 11 14:43:25 UTC 2012
Saturday, February 11, 2012, 4:29:09 PM, you wrote:
> Am 11.02.2012 08:16, schrieb Vilius Šumskas:
>> Saturday, February 11, 2012, 12:57:10 AM, you wrote:
>>> what is this after update H3 some minutes ago?
>>> Feb 10 22:52:52  ALERT - function within blacklist called:
>>> popen() (attacker '10.0.0.241', file
>>> '/usr/share/horde/lib/Horde/Crypt/pgp.php', line 1696)
>>> there are existing pear packages and no single need to
>>> open command execution which nobody will do interested
>>> in security for foreign software
>> There is nothing wrong with popen() calls. If you "security" software
>> thinks overwise, then it is seriously botched.
> my security software does exactly what i say and if you do
> not configure your servers in a secure way it is your problem
> there is ALL wrong with popen() for a default webapp!
> if there is any single bug with user inputs not correct
> handeled an attacker would have the possibility to execute
> local commands on the machine (with no open_basedir or any
> other php-restrition active) including the ability to
> trigger local (root) exploits if there are one existing
Then it is a problem of the software which has the exploit or the sys
admin which doesn't update his software.
> to say it clear: a webapp with a bug using such functions makes
> every local exploit to a remote exploit!
Then it is a problem of the webapp, not of the function.
> every sysadmin not blocking the followed functions on
> shared servers and for common applications has to be FIRED
> popen, pclose, exec, passthru, shell_exec, system, proc_open,
> proc_close, proc_nice, proc_terminate,
> proc_get_status, pcntl_exec, apache_child_terminate, posix_kill,
> posix_mkfifo, posix_setpgid, posix_setsid,
> posix_setuid, mail, symlink
You know that safe_mode is deprecated, right?
More information about the horde