#2
14th February 2011
classicmanpro
Real Name: Turea Alexandru Teodor
Fdisk Soldier
Join Date: Oct 2010
Location: Romania (SE Europe)
Posts: 51

I've analyzed the setup of three distinct hosting providers and they all had suPHP and PERL handlers ... active and running concurrently.

For the moment, my best guess is that only suPHP shouldn't be used for CGI.

If one uses the regular PHP CGI binary, all scripts are run using the rights of the server (limited damage if files have 0644) but, in case of suPHP, the CGI binary runs the scripts using the owner's privileges (unlimited access in the user's home).
The worst scenario would be a local file exposure, that is, one might create a script for the suPHP CGI binary, place it in cgi-bin and be able to modify files which otherwise couldn't be modified.

Please correct me if I'm wrong.
A daemon in need is a daemon indeed.
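The difference the post describes can be measured for a given account. This is an added sketch, not part of the original post: it applies the classic Unix owner/group/other write check to every path under a directory for two identities, the file owner (the identity the post says suPHP runs scripts as) and a separate web-server user (the regular PHP CGI case). The file names, modes and the server uid are constructed assumptions; ACLs, root's bypass and PHP-level restrictions are not modelled.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic Unix DAC write check: owner bits, else group bits, else other bits.
    Root's bypass, ACLs and read-only mounts are deliberately not modelled."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_paths(root, uid, gids=frozenset()):
    """Relative paths under root that a process running as uid/gids could write to."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode is meaningless; its target is what counts
            if can_write(st, uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def build_demo_home():
    """Constructed sample account: names and modes are made up for the example."""
    root = tempfile.mkdtemp(prefix="demo_home_")
    os.mkdir(os.path.join(root, "uploads"))
    layout = {"index.php": 0o644, "config.php": 0o600,
              "cache.txt": 0o666, "uploads": 0o777}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        if not os.path.isdir(path):
            open(path, "w").close()
        os.chmod(path, mode)  # chmod explicitly so the umask does not interfere
    return root

def compare(root):
    """Owner identity (suPHP case) versus a different, hypothetical server uid."""
    owner_uid = os.lstat(root).st_uid
    server_uid = owner_uid + 1  # assumption: a uid that owns nothing under root
    return {"as_owner": writable_paths(root, owner_uid),
            "as_server": writable_paths(root, server_uid)}

if __name__ == "__main__":
    for identity, paths in compare(build_demo_home()).items():
        print(identity, paths)
```

Pointing `writable_paths` at a real home directory with the actual web-server uid and group ids lists what each execution model would be able to modify there.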