[horde] calls to popen()
h.reindl at thelounge.net
Sat Feb 11 14:29:09 UTC 2012
Am 11.02.2012 08:16, schrieb Vilius Šumskas:
> Saturday, February 11, 2012, 12:57:10 AM, you wrote:
>> what is this after update H3 some minutes ago?
>> Feb 10 22:52:52  ALERT - function within blacklist called:
>> popen() (attacker '10.0.0.241', file
>> '/usr/share/horde/lib/Horde/Crypt/pgp.php', line 1696)
>> there are existing pear packages and no single need to
>> open command execution which nobody will do interested
>> in security for foreign software
> There is nothing wrong with popen() calls. If you "security" software
> thinks overwise, then it is seriously botched.
my security software does exactly what i say and if you do
not configure your servers in a secure way it is your problem
there is ALL wrong with popen() for a default webapp!
if there is any single bug with user inputs not correct
handeled an attacker would have the possibility to execute
local commands on the machine (with no open_basedir or any
other php-restrition active) including the ability to
trigger local (root) exploits if there are one existing
to say it clear: a webapp with a bug using such functions makes
every local exploit to a remote exploit!
every sysadmin not blocking the followed functions on
shared servers and for common applications has to be FIRED
popen, pclose, exec, passthru, shell_exec, system, proc_open, proc_close, proc_nice, proc_terminate,
proc_get_status, pcntl_exec, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid,
posix_setuid, mail, symlink
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the horde