Rootkit
Manuel Arostegui Ramirez
manuel at todo-linux.com
Tue Oct 23 07:56:56 UTC 2007
On Tuesday 23 October 2007 09:30:01 Andy Green wrote:
>
> But it seems to me it's not where the real problems are for servers.
> The real problems are in PHP or other scripts that accept user input as
> PHP code or database queries one way or another, and it won't really
> help since the attacker is running the properly signed stuff. There's a
> lot of bad things the attacker can do with PHP commands, shell commands,
> alias, config files, etc that all run in 'authorized' contexts.
>
Maybe I'm taking wrong the point but, this could be avoid by using php open
basedir, right?
Manuel
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
More information about the users
mailing list