ln and PHP suEXEC bug

Discussion in 'PHP' started by masood_y, Apr 23, 2009.

  1. masood_y

    masood_y New Member

    Do you have any idea for patch PHP suEXEC with "ln" command?
  2. masood_y

    masood_y New Member

    PHP suEXEC is enale on my server.
    But users can link to outside him directory with "ln" and seee other sites configuration files.
    And its a big security issue.
  3. mistwang

    mistwang LiteSpeed Staff

    Everything follow Linux/Unix file system permission, there is no magic.
    Maybe, you should prevent user from execute "ln" from PHP by tighten the grip on php.ini .
  4. mistwang

    mistwang LiteSpeed Staff

  5. masood_y

    masood_y New Member

    Problem not solved by doing above tuning.
    Please check your private message for see bug details.
  6. mistwang

    mistwang LiteSpeed Staff

  7. masood_y

    masood_y New Member

    Is not resolved too.
  8. mistwang

    mistwang LiteSpeed Staff

    There is no way to prevent the perl script from creating a symbolic link, unless you disable perl.
    The best can be done is to block access to target file pointed to the symbolic link, above configuration changes does that.

Share This Page