Posted by Erwin Moller on 01/07/08 09:28
Jonas Werres wrote:
> It is quite easy:
> If PHP has root permission, it can run root tasks. And we don't want
> that. Really. So Erwin's suggestion is an immensely stupid idea.
Jonas,
Did you actually read my suggestion?
Or do you shout stuff like this as default behaviour?
Erwin Moller
> The least thing you can do is use sudo restricted to the passwd command.
> But do we want PHP to have full access to passwd? No.
> I don't even use it to copy some files for maildrop.
>
> So my suggestion is: Let the webserver PHP write into a db or file what's
> absolutely necessary. In this case: username and password, I think.
>
> Then run a shellscript (or even better a compiled program) with that
> information (outside webroot, with cron).
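
The queue design from the quoted suggestion, sketched as the privileged cron-side script. This is an added example, not code from the thread; the queue path, the `user:password` line format, the minimum UID and the function names are assumptions.

```shell
#!/bin/sh
# Privileged half of the queue design: run from root's crontab, stored outside
# the webroot. The web-side PHP only appends "user:password" lines to $QUEUE.
# QUEUE, MIN_UID and the line format are assumptions made for this sketch.
LC_ALL=C; export LC_ALL            # make a-z mean ASCII lowercase only
QUEUE="${QUEUE:-/var/spool/pwchange/queue}"
MIN_UID="${MIN_UID:-1000}"         # refuse root and other system accounts

lookup_uid() { id -u "$1" 2>/dev/null; }

# Reads "user:password" lines on stdin, prints only acceptable ones on stdout.
filter_requests() {
    while IFS= read -r line || [ -n "$line" ]; do
        # Require a colon followed by a non-empty password.
        case "$line" in *:?*) ;; *) echo "reject: malformed line" >&2; continue ;; esac
        user=${line%%:*}
        pass=${line#*:}
        # Strict username allow-list: nothing the shell or chpasswd could misparse.
        case "$user" in
            ""|[!a-z_]*|*[!a-z0-9_-]*) echo "reject: bad username" >&2; continue ;;
        esac
        [ "${#user}" -le 32 ] || { echo "reject: username too long" >&2; continue; }
        uid=$(lookup_uid "$user") || { echo "reject: unknown user" >&2; continue; }
        [ "$uid" -ge "$MIN_UID" ] || { echo "reject: system account $user" >&2; continue; }
        printf '%s:%s\n' "$user" "$pass"
    done
}

process_queue() {
    [ -s "$QUEUE" ] || return 0
    work="$QUEUE.$$"
    rc=0
    # Rename first so new requests from the web process land in a fresh file.
    # Passwords reach chpasswd on stdin, never on a command line.
    mv "$QUEUE" "$work" && filter_requests < "$work" | chpasswd || rc=$?
    rm -f "$work"
    return "$rc"
}

# Only touch the system when explicitly asked, e.g. from cron: script --run
if [ "${1:-}" = "--run" ]; then process_queue; fi
```

The web process needs write access to the queue only; it never gains sudo rights or any way to name a system account as the target.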