Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 21st November 2009, 04:45
ivomendonca ivomendonca is offline
Join Date: Sep 2009
Posts: 132
Thanks: 10
Thanked 14 Times in 8 Posts
Default system("cat /etc/fam.conf");

Hello, in my servers i see all files in harddrive using the system(); command in php.
using fast-cgi and secure server settings.

Is this normal?

Reply With Quote
Sponsored Links
Old 21st November 2009, 18:46
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts

Yes, thats normal. If a file is world readable like /etc/fam.conf, then every user of the linux system can see the file with system or exec. To prevent this you should always disable functions like exec, system and passthru by adding them to the disable_functions line in the php.ini that is used for cgi and mod_php. Do not add it to the php.ini used for cli as this would disable the ispconfig daemon.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 21:52.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.