Re: [cobalt-users] Security pb or not ?
- Subject: Re: [cobalt-users] Security pb or not ?
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Tue Nov 26 13:30:01 2002
- Organization: Befriend Internet Services LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
"Arnaud L." <alahaye@xxxxxxxxxx> wrote:
> On Raq4, when I create a new virtualhost the directory was created on
> /home/sites like
>
> drwxrwsr-x 6 nobody site147 1024 Aug 22 22:14 site147
>
> The problem is that user for the site 146 for example can browse in PHP the
> directory of site 147 (by a simple readdir) because they have the same
> User/Group on httpd.conf and PHP...
>
> It is a bug? That poses problems of confidentiality

It's not a bug. It's a limitation of Apache 1.3 running in a multi-user
environment. See open_basedir in the PHP manual and the safe mode related
Apache PHP directives at
http://www.php.net/manual/en/printwn/features.safe-mode.php#AEN6422. Please
be aware that even if PHP is tightened, shell users and users running
scripts written in other languages will not be subject to the same
restrictions.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
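
Added example, not part of the original post: a per-site open_basedir and safe mode configuration of the kind the reply points to, assuming Apache 1.3 with mod_php and the /home/sites/siteNNN layout from the question. The IP address, host names and the /tmp/ entry are placeholders or assumptions.

```apache
# Constructed example for Apache 1.3 + mod_php. The address and host names
# are placeholders; directories follow the /home/sites/siteNNN layout shown
# in the question. Repeat the pattern for every virtual host.
NameVirtualHost 192.0.2.10

<VirtualHost 192.0.2.10>
    ServerName site146.example.com
    <Directory /home/sites/site146>
        # php_admin_* directives are honoured only in httpd.conf, so a site
        # owner cannot undo them from .htaccess or with ini_set().
        #
        # Keep the trailing slash. In older PHP versions the value is a
        # plain prefix, so "/home/sites/site14" would also admit
        # /home/sites/site146 and /home/sites/site147.
        #
        # /tmp/ is listed for uploads and session files (an assumption
        # about this setup); it stays shared between all sites.
        php_admin_value open_basedir "/home/sites/site146/:/tmp/"

        # Safe mode adds owner (UID) checks on top of the path check.
        # It is the PHP 4 era feature the reply links to; PHP 5.4 removed it.
        php_admin_flag safe_mode on
    </Directory>
</VirtualHost>

<VirtualHost 192.0.2.10>
    ServerName site147.example.com
    <Directory /home/sites/site147>
        php_admin_value open_basedir "/home/sites/site147/:/tmp/"
        php_admin_flag safe_mode on
    </Directory>
</VirtualHost>

# These directives bind PHP running inside Apache only. As the reply notes,
# shell users and scripts in other languages are not restricted by them,
# and the drwxrwsr-x mode on each site directory still lets any local
# account list it.
```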