Portal Home > Knowledgebase > Articles Database > Security Problem when php run as cgi or suphp !!

Security Problem when php run as cgi or suphp !!

Posted by ktjm, 09-02-2008, 04:12 PM

Hello , i have a one problem in php when run as cgi .... when i run php as cgi Hackers can upload one php.ini file in customer folder and bypass safe_mode and disable functions ..... Can i disable customer php.ini ? please help me ...........

---

Posted by Luxore, 09-02-2008, 05:45 PM

if hackers can upload and run scripts you have a pretty serious problem even if they can't upload their own php.ini file. so i think it's great that you've become aware of a problem that needs fixing, but i'm not sure you've correctly defined the problem yet.

---

Posted by koithara, 09-02-2008, 11:30 PM

You may put a php.ini by your own and there after set an attribute for the file, which makes it un-overwritable. helps you to make it immutable...

---

Posted by LnxtecH, 09-02-2008, 11:57 PM

If you are using cpanel, there is an option in easyapache3 (/scripts/easyapache) to disable users php.ini. Note: Given above is only a work around and not a fix. I would suggest to find out the exact issue and resolve.

---

Add to Favourites    Print this Article

Secret Gov Surveillance Doc Microsoft Doesnt want us to see (Views: 885)

Variables/2checkout?? (Views: 751)

Moving Frontpage accounts (Views: 755)

Looking for new host and need some direction (Views: 819)

MySQL Datatype Question (Views: 779)