users accessing directories,files using php scripts
If a user on my server runs the following script it will show the passwd file but not the shadow file and if you change the commands to pretty much anything (ls, ls -la, rm -rf *) and it will execute the command. What do I need to change to take these permissions off the users using php or atleast off of php.
Script Example: PHP Code:
|
also im running Redhat Enterprise server 5.1 and this issue has gone on for almost a week still waiting for Redhat to come up with a resolution as well.
|
Stick a line like this in your php.ini:
Code:
disable_functions = system |
thanks thats it !
redhat support is still trying to figure this one out :( |
All times are GMT -5. The time now is 01:26 PM. |