Major Security Flaw with apache (apr) on FC3 & FC4
FC
fedora at ows.ch
Tue Jul 5 10:55:46 UTC 2005
Alexander Dalloz wrote:
>Am Di, den 05.07.2005 schrieb FC um 12:36:
>
>
>
>>A little addon
>>part of the script (phpfm) doing it ..
>>-----------------------------------------------
>>if (!isset($dir_atual)){
>> $dir_atual = $path_info["dirname"]."/";
>> if (!$islinux) $dir_atual = ucfirst($dir_atual);
>> @chmod($dir_atual,0777);
>> } else $dir_atual = formatpath($dir_atual);
>> $is_reachable = (stristr($dir_atual,$doc_root)!==false);
>>-------------------------------------------------
>>
>>Question is .. Why does the system allow it ??
>>
>>
>
>Because you misconfigure it to allow it. Why do you set
>
>chown apache:apache /var/www/html
>
>or any other directory inside the DocumentRoot toi be that?
>
>If the phpfm tool does need such permissions I feel it is broken by
>design and a security flaw by its own. Not an Apache (apr) problem.
>
>My 2¢
>
>Alexander
>
>
>
>
"chown apache:apache /var/www/html" Was just to test the behaviour
I am using many virtualhosts on a diff partition and each dir is owned by a different user
so mentioned the apache.apache for testing purpose :)
I just had a user installing phpfm on his vhost and he had troubles ..
that's how I found out about this .. suphp wont allow world writeable docroots. reason why he had problems :)
-Philip
More information about the fedora-list
mailing list