Rootkit
Manuel Arostegui Ramirez
manuel at todo-linux.com
Tue Oct 23 07:56:56 UTC 2007
On Tuesday 23 October 2007 09:30:01 Andy Green wrote:
>
> But it seems to me it's not where the real problems are for servers.
> The real problems are in PHP or other scripts that accept user input as
> PHP code or database queries one way or another, and it won't really
> help since the attacker is running the properly signed stuff. There's a
> lot of bad things the attacker can do with PHP commands, shell commands,
> alias, config files, etc that all run in 'authorized' contexts.
>
Maybe I'm taking wrong the point but, this could be avoid by using php open
basedir, right?
Manuel
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
More information about the fedora-list
mailing list