Somebody in the thread at some point said: > On Tuesday 23 October 2007 09:30:01 Andy Green wrote: > >> But it seems to me it's not where the real problems are for servers. >> The real problems are in PHP or other scripts that accept user input as >> PHP code or database queries one way or another, and it won't really >> help since the attacker is running the properly signed stuff. There's a >> lot of bad things the attacker can do with PHP commands, shell commands, >> alias, config files, etc that all run in 'authorized' contexts. >> > > Maybe I'm taking wrong the point but, this could be avoid by using php open > basedir, right? Some things can be avoided by that... I use safe_mode on and open_basedir, safe_mode_exec_dir and more. But watching people trying to hack Tikiwki was very educational. One of the things they were after was to dump the Tikiwiki config file that contained the database credentials, which they could have done despite the .htaccess in there from inside the vulnerable PHP. I guess they would have tried those credentials on a login, modified the tikiwiki contents to be spam, drop javascript trojans, who knows what. We are ALL *one* flaw in something away from being cracked, open_basedir or not. -Andy
