[horde] calls to popen()
h.reindl at thelounge.net
Sat Feb 11 15:05:21 UTC 2012
Am 11.02.2012 15:43, schrieb Vilius Šumskas:
>> if there is any single bug with user inputs not correct
>> handeled an attacker would have the possibility to execute
>> local commands on the machine (with no open_basedir or any
>> other php-restrition active) including the ability to
>> trigger local (root) exploits if there are one existing
> Then it is a problem of the software which has the exploit or the sys
> admin which doesn't update his software.
and you are 100% sure that horde never has a bug
which is exploitet before an update exists?
>> to say it clear: a webapp with a bug using such functions makes
>> every local exploit to a remote exploit!
> Then it is a problem of the webapp, not of the function.
and anybody interested in security does not allow
execution of shell-commands for webapps so that
currently unknown problems are even not exploitable
if they are disclosed at a time where no fix is available
>> every sysadmin not blocking the followed functions on
>> shared servers and for common applications has to be FIRED
>> popen, pclose, exec, passthru, shell_exec, system, proc_open,
>> proc_close, proc_nice, proc_terminate,
>> proc_get_status, pcntl_exec, apache_child_terminate, posix_kill,
>> posix_mkfifo, posix_setpgid, posix_setsid,
>> posix_setuid, mail, symlink
> You know that safe_mode is deprecated, right?
you know that you have no idea about what you are speaking?
what has this to do with safe_mode????????
SUHOSIN is that piece of software which blocked the some days
ago fixed remote-security-bug in PHP and many thousands generic
attacks in the last years and has nothing to do with safe_mode
also php has builtin "disable_functions" (but not per-site) what has
also NOTHING to do with safe_mode - so please stop to explain people
the world without having any education in security-topics
php_admin_value suhosin.executor.func.blacklist "popen, pclose, exec, passthru, shell_exec, system, proc_open,
proc_close, proc_nice, proc_terminate, proc_get_status, pcntl_exec, apache_child_terminate, posix_kill,
posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, mail, symlink"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 262 bytes
Desc: OpenPGP digital signature
More information about the horde