[Full-Disclosure] Re: Information Disclosure with Invision Board installation (fwd)

From: Ka (ka@khidr.net)
Date: 09/25/02


From: ka@khidr.net (Ka)
Date: Wed, 25 Sep 2002 13:55:10 +0200


Well, Gossi,

I agree with your standpoint. Some "project leaders"
easily turn into "project defenders" when one takes
a closer look at their project. .o)

So the advice for any server with "Invision Board" installed
is to disable phpinfo() in the php startup file in addition
to setting safe-mode = On and perhaps specifying a special
safe_mode_exec_dir.

-- see /etc/php.ini --

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-deliminated list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_functions = phpinfo

----------------------

Ka
--
"It's the perfect time of day
to throw all your cares away" Barenaked Ladies
http://www.khidr.net/users/ka/pgpkey.asc
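The three php.ini settings advised in the message above can be checked mechanically. The script below is an added example, not part of the original post: its function names, sample file contents and the exec-dir path are constructed for illustration, and safe_mode and safe_mode_exec_dir exist only in PHP versions before 5.4.0.

```python
# Added example (not from the original post): audit php.ini for the advised settings.
TRUE_VALUES = {"1", "on", "yes", "true"}  # values php.ini treats as boolean true


def parse_php_ini(text):
    """Return {directive: value}; later assignments override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, ';' comments and [section] headers.
        if not line or line[0] in ";[":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        value = value.strip()
        # Drop a trailing ';' comment unless the value is quoted.
        if not value.startswith('"'):
            value = value.split(";", 1)[0].strip()
        settings[key.strip()] = value.strip('"')
    return settings


def audit(text):
    """Return a list of findings; an empty list means all three checks passed."""
    ini = parse_php_ini(text)
    findings = []
    disabled = {f.strip() for f in ini.get("disable_functions", "").split(",")}
    if "phpinfo" not in disabled:
        findings.append("phpinfo is not listed in disable_functions")
    if ini.get("safe_mode", "").lower() not in TRUE_VALUES:
        findings.append("safe_mode is not On")
    if not ini.get("safe_mode_exec_dir"):
        findings.append("safe_mode_exec_dir is not set")
    return findings


# Constructed sample files, not taken from a real server; the path is a placeholder.
WEAK_INI = """\
;disable_functions = phpinfo
safe_mode = Off
"""
HARDENED_INI = """\
safe_mode = On
safe_mode_exec_dir = "/usr/local/php-bin"
disable_functions = exec, phpinfo ; trailing comments are ignored
"""

if __name__ == "__main__":
    print(audit(WEAK_INI), audit(HARDENED_INI))
```

The weak sample shows the case a quick grep misses: a commented-out `disable_functions` line still contains the string `phpinfo` but disables nothing.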


