[horde] calls to popen()

Reindl Harald h.reindl at thelounge.net
Sat Feb 11 15:05:21 UTC 2012 


Am 11.02.2012 15:43, schrieb Vilius Šumskas:
>> if there is any single bug with user inputs not correct
>> handeled an attacker would have the possibility to execute
>> local commands on the machine (with no open_basedir or any
>> other php-restrition active) including the ability to
>> trigger local (root) exploits if there are one existing
> 
> Then  it is a problem of the software which has the exploit or the sys
> admin which doesn't update his software.

and you are 100% sure that horde never has a bug
which is exploitet before an update exists?

>> to say it clear: a webapp with a bug using such functions makes
>> every local exploit to a remote exploit!
> 
> Then it is a problem of the webapp, not of the function.

and anybody interested in security does not allow
execution of shell-commands for webapps so that
currently unknown problems are even not exploitable
if they are disclosed at a time where no fix is available

>> every sysadmin not blocking the followed functions on
>> shared servers and for common applications has to be FIRED
> 
>> popen, pclose, exec, passthru, shell_exec, system, proc_open,
>> proc_close, proc_nice, proc_terminate,
>> proc_get_status, pcntl_exec, apache_child_terminate, posix_kill,
>> posix_mkfifo, posix_setpgid, posix_setsid,
>> posix_setuid, mail, symlink
> 
> You  know  that  safe_mode  is deprecated, right?

you know that you have no idea about what you are speaking?
what has this to do with safe_mode????????

SUHOSIN is that piece of software which blocked the some days
ago fixed remote-security-bug in PHP and many thousands generic
attacks in the last years and has nothing to do with safe_mode

also php has builtin "disable_functions" (but not per-site) what has
also NOTHING to do with safe_mode - so please stop to explain people
the world without having any education in security-topics

php_admin_value suhosin.executor.func.blacklist "popen, pclose, exec, passthru, shell_exec, system, proc_open,
proc_close, proc_nice, proc_terminate, proc_get_status, pcntl_exec, apache_child_terminate, posix_kill,
posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, mail, symlink"


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.horde.org/archives/horde/attachments/20120211/6d30d60b/attachment.bin>

More information about the horde mailing list