Major Security Flaw with apache (apr) on FC3 & FC4

Alexander Dalloz ad+lists at uni-x.org
Tue Jul 5 10:42:49 UTC 2005


On Tue, 05.07.2005 at 12:36, FC wrote:

> A little addon
> part of the script (phpfm) doing it ..
> -----------------------------------------------
> if (!isset($dir_atual)){
>         $dir_atual = $path_info["dirname"]."/";
>         if (!$islinux) $dir_atual = ucfirst($dir_atual);
>         @chmod($dir_atual,0777);
>     } else $dir_atual = formatpath($dir_atual);
>     $is_reachable = (stristr($dir_atual,$doc_root)!==false);
> -------------------------------------------------
> 
> Question is .. Why does the system allow it ??

Because you misconfigure it to allow it. Why do you set

chown apache:apache /var/www/html

or any other directory inside the DocumentRoot to be that?

If the phpfm tool does need such permissions, I feel it is broken by
design and a security flaw on its own. Not an Apache (apr) problem.

My 2¢

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 12:39:20 up 9 days, 19:31, load average: 0.18, 0.19, 0.22 
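
An added example, not part of the original message or of phpfm: a shell audit for the misconfiguration described in the reply, listing paths under a DocumentRoot that the web server account owns or that are world-writable. The function names and the defaults (/var/www/html, apache, taken from the chown line above) are assumptions.

```shell
#!/bin/sh
# Added example: audit a DocumentRoot for paths the web server account can modify.
# Usage: audit_docroot [DOCROOT] [WEBUSER]
#   DOCROOT defaults to /var/www/html, WEBUSER to apache (assumed defaults).
#   WEBUSER may be a user name or a numeric uid.

audit_docroot() {
    docroot=${1:-/var/www/html}
    webuser=${2:-apache}

    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }

    # Paths owned by the web server account: PHP running as that user may
    # chmod() them freely, which is what the quoted phpfm code relies on.
    find "$docroot" -user "$webuser" -print | sed 's/^/OWNED_BY_WEBUSER /'

    # World-writable paths (for example left behind by chmod 0777).
    # Symlinks are skipped because their own mode bits are not meaningful.
    find "$docroot" ! -type l -perm -0002 -print | sed 's/^/WORLD_WRITABLE /'
}

# Exit status 0 when nothing is flagged, 1 when there are findings,
# 2 when the directory could not be audited.
docroot_is_clean() {
    findings=$(audit_docroot "$@") || return 2
    [ -z "$findings" ]
}
```

A clean result for content served read-only is root-owned files with the web server account having read access only; directories that genuinely need uploads should be flagged here on purpose and kept as few as possible.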