Major Security Flaw with apache (apr) on FC3 & FC4

Alexander Dalloz ad+lists at uni-x.org
Tue Jul 5 10:38:58 UTC 2005


On Tue, 05.07.2005 at 12:16, FC wrote:

Please! Do not top-post and fully quote. This is a mailing list and the
content of previous mails is still available if one likes to check
content of a previous message.

> Anyone can explain this :)
> I have an explanation .. IF the dir is owned by the same user the phpfm
> is owned it WILL change the dir rights
> example : mod_php
> /var/www/html/  owned by root:root
> /var/www/html/phpfm.php owned by apache.apache
> nothing changes
> 
> then /var/www/html/ owned by apache:apache
> 
> BOOM -> 777 on the dir ...
> 
> That's a major security flaw.

What you describe is in my eyes just a badly behaving PHP application.
If a directory in the DocumentRoot or the DocumentRoot is owned by the
UID of the Apache user, then of course Apache has the permissions to
change the dir, like you show us. Any PHP or other language script
can do so. It demonstrates why it is good that by default the
DocumentRoot is root:root owned on Fedora. The Apache user does not need
to be the owner.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 12:33:45 up 9 days, 19:25, load average: 0.18, 0.34, 0.27 
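
An audit for the condition discussed in this message, added here as an example and not part of the original thread: it lists paths under a DocumentRoot that the web server account owns (and can therefore chmod) and directories that are already world-writable. The function names are hypothetical; `/var/www/html` and `apache` are the values named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Usage: sh audit_docroot.sh /var/www/html apache

# Paths under $1 owned by user $2. The owner of a path may chmod it,
# which is what let the PHP script set 777 on the directory.
owned_by_web_user() {
    find "$1" -user "$2" -print
}

# Directories under $1 that already have the world-write bit (o+w) set.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Report both classes of finding; return 0 if clean, 1 otherwise.
audit_docroot() {
    audit_status=0
    audit_owned=$(owned_by_web_user "$1" "$2")
    audit_ww=$(world_writable_dirs "$1")
    if [ -n "$audit_owned" ]; then
        echo "Owned by $2 (this account can chmod them):"
        printf '%s\n' "$audit_owned"
        audit_status=1
    fi
    if [ -n "$audit_ww" ]; then
        echo "World-writable directories:"
        printf '%s\n' "$audit_ww"
        audit_status=1
    fi
    return "$audit_status"
}

# Run only when a DocumentRoot is given; the account defaults to "apache".
if [ "$#" -ge 1 ]; then
    audit_docroot "$1" "${2:-apache}"
fi
```

A non-zero exit status means at least one finding, so the script can be run from cron or a configuration check.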