From: Steffen Dettmer (steffendett.de)
Date: Thu Jul 05 2001 - 16:53:01 CDT


    * Joost Pol wrote on Tue, Jul 03, 2001 at 02:04 +0200:
    > On Mon, Jul 02, 2001 at 03:12:43PM -0700, Joe Harris wrote:
    >
    > 1. User could obtain the uid of the webserver. (nobody access)
    > [...] the impact would be minor.

    Usually the Webserver is able to read the sources of the PHP
    scripts. PHP scripts may include passwords for database access.
    Since PHP is usually mod_php and not suexec'd, this seems to be a
    common problem. With account to such databases really important
    damage could be done!

    Elevated privileges are never "minor" issues IMHO.

    oki,

    Steffen

    -- 
    This letter was generated by machine,
    and therefore bears neither signature nor seal.
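
The exposure described in the message above, as an added example that is not part of the original post: a Python audit that walks a web document root and flags PHP files carrying literal database passwords, recording whether any local uid (the web server's included) can read them. The regex patterns, file names and sample credentials are constructed for illustration and are not exhaustive.

```python
import os
import re
import stat
import tempfile

# Illustrative patterns for literal credentials in PHP source (assumptions, not exhaustive).
CRED_PATTERNS = [
    # mysql_connect("host", "user", "secret") with three literal string arguments
    re.compile(r"""\bmysql_p?connect\s*\(\s*(["'])[^"']*\1\s*,\s*(["'])[^"']*\2\s*,\s*(["'])[^"']+\3"""),
    # $db_password = "secret"; style assignments
    re.compile(r"""\$\w*(?:pass|pwd)\w*\s*=\s*["'][^"']+["']""", re.I),
]

def audit_docroot(docroot):
    """Return (relative path, line number, world_readable) for each suspect line."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in sorted(files):
            if not name.endswith((".php", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            # The "other" read bit means every local account can read the source.
            world_readable = bool(os.stat(path).st_mode & stat.S_IROTH)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if any(p.search(line) for p in CRED_PATTERNS):
                        rel = os.path.relpath(path, docroot)
                        findings.append((rel, lineno, world_readable))
    return findings

def demo():
    """Build a constructed document root in a temp directory and audit it."""
    samples = {
        "index.php": '<?php $link = mysql_connect("localhost", "shop", "s3cret"); ?>\n',
        "config.inc": '<?php\n$db_password = "s3cret";\n',
        # Credential supplied at runtime, not stored in the source: not flagged.
        "safe.php": '<?php $link = mysql_connect($host, $user, getenv("DB_PASS")); ?>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, 0o644)
        return sorted(audit_docroot(root))

if __name__ == "__main__":
    for rel, lineno, world in demo():
        print(f"{rel}:{lineno} literal credential (world-readable: {world})")
```

Under mod_php the server's uid must be able to read every script it executes, so tightening file modes alone does not remove a finding; the literal has to leave the source file.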