Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General
Reload this Page system("cat /etc/fam.conf");
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st November 2009, 03:45
ivomendonca ivomendonca is offline
Banned
  
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 12 Times in 7 Posts
Default system("cat /etc/fam.conf");
Hello, in my servers i see all files in harddrive using the system(); command in php.
using fast-cgi and secure server settings.

Is this normal?

Thanks.
Reply With Quote
Sponsored Links
  #2  
Old 21st November 2009, 17:46
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 31,896
Thanks: 693
Thanked 4,190 Times in 3,207 Posts
 
Default
Yes, thats normal. If a file is world readable like /etc/fam.conf, then every user of the linux system can see the file with system or exec. To prevent this you should always disable functions like exec, system and passthru by adding them to the disable_functions line in the php.ini that is used for cgi and mod_php. Do not add it to the php.ini used for cli as this would disable the ispconfig daemon.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 05:51.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.