Find the answer to your Linux question:
Results 1 to 2 of 2
Any discussion on the pro/cons of allowing php to use the exec funtion is welcome. Why would you want to ban it? What bad could a user do, isn't the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 02-24-2005 #1
    jeremy1701
    jeremy1701 is offline
    Linux Guru
    Join Date
    Mar 2003
    Location
    Wisconsin
    Posts
    1,907

    exec

    Any discussion on the pro/cons of allowing php to use the exec funtion is welcome. Why would you want to ban it? What bad could a user do, isn't the code part of the html anyway? How would they modifiy to run a command, etc...

    Thanks all,
    Jeremy
    Registered Linux user #346571
    "All The Dude ever wanted was his rug back" - The Dude
    Reply With Quote Reply With Quote
  2. 02-24-2005 #2
    adam7979
    adam7979 is offline
    Linux User
    Join Date
    Feb 2005
    Posts
    290
    1) upload a ready made exploit to my home directory
    2) run it (with exec, passthru, whatever)
    3) tada, a shell awaiting for me, instruct it to create an bash with SUID in my home directory
    4) the rest is left with your imagination .....
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules