Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
Aug 13 2013 07:57PM
Reindl Harald (h reindl thelounge net)
On 13.08.2013 21:36, Stefan Kanthak wrote:
>> *define what is secure* and make sure you define it by context
>> unlink('file_my_script_wrote'); is fine
> No, it's UNSAFE!
> The standard use case of PHP is "preprocessor for HTTP demon".
> There is ABSOLUTELY no need to allow the preprocessor...
Copyright 2010, SecurityFocus