|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2003-02-19 01:09 UTC] shane@php.net
[2003-02-19 10:06 UTC] zlo at canada dot com
[2003-05-26 18:26 UTC] sniper@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Dec 21 13:01:31 2024 UTC |
when PHP cgi binary is called from cgi-bin without cgi-redirect, it parses itself (argv[0] of the binary, whatever that happens to be)! i don't think it represents much of a security problem (it still does to some extent, because it reveals path to php and default settings), and no sane person will run the cgi binary without cgi-redirect, but i don't think its the way its supposed to be either.. here is a simple example; this also works with the php binary itself in place of this binary. this results in some binary output and the typical phpinfo() page in the middle: # cat php.c #include <stdio.h> #include <string.h> #include <stdlib.h> const char *PHP_BINARY="/path/to/php/bin/php"; const char * dummy="<?php phpinfo(); ?>"; int main(int argc, char *argv[]){ execl(PHP_BINARY,argv[0],0); return 1; }; p.s. btw this simple wrapper (without the phpinfo() part, or course) can be used as a workaround for the vulnerability with cgi-redirect that resulted in the release of 4.3.1 since it removes parameters before exec'ing php itself.. p.p.s. where can i post "feedback"? i can't seem to find it..