View Full Version : ln and PHP suEXEC bug
04-23-2009, 06:40 AM
Do you have any idea for patch PHP suEXEC with "ln" command?
04-23-2009, 07:35 AM
PHP suEXEC is enale on my server.
But users can link to outside him directory with "ln" and seee other sites configuration files.
And its a big security issue.
04-23-2009, 08:14 AM
Everything follow Linux/Unix file system permission, there is no magic.
Maybe, you should prevent user from execute "ln" from PHP by tighten the grip on php.ini .
04-23-2009, 01:32 PM
use "If Owner Match"
04-23-2009, 01:39 PM
Problem not solved by doing above tuning.
Please check your private message for see bug details.
04-23-2009, 06:29 PM
Also need to set http://www.litespeedtech.com/docs/webserver/config/security/#checkSymbolLink
04-24-2009, 05:27 AM
Is not resolved too.
04-24-2009, 06:08 AM
There is no way to prevent the perl script from creating a symbolic link, unless you disable perl.
The best can be done is to block access to target file pointed to the symbolic link, above configuration changes does that.