On Sunday 29 January 2006 15:33, Morbus Iff wrote:
> > We have investigated the ways to become SU. In Drupal 4.7 there are at least 7 totally different ways of rooting (for becoming SU is that, exactly) a Drupal site. Nearly all are related to gaining PHP rights, then using that to change
> I'm confused - how can a PHP input filter cause a user to become root, when PHP execs itself in the user space of the Apache process?
Not Unix root, but Drupal root.

    <?php db_query("Update {users} set name='me', pass=md5('ownzed') where uid=1"); ?>

View that page. Then log in as me/ownzed and you've just taken over UID 1. (Above code may only work on MySQL, but I'm sure a postgres version is no more difficult.)

I think that's the kind of thing people are worried about, and now that I think about it so am I.

I think the simplest solution is just to move the PHP filter to a contrib module. Those that want it can drop it in and enable it, while those that don't need it don't have to worry about it.

-- 
Larry Garfield
AIM: LOLG42
larry@garfieldtech.com
ICQ: 6817012

"If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea, which an individual may exclusively possess as long as he keeps it to himself; but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it." -- Thomas Jefferson
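An added audit script, not part of the thread and not Drupal code, that shows the defender's side of the discussion above: it walks stored node revisions for content that the PHP input filter would execute, flags any that write to {users} (the uid 1 takeover pattern described), and lists which roles may use the PHP format. The row layouts, the format id 3 for "PHP code", and the comma-delimited `filter_formats.roles` string are assumptions modelled on Drupal 4.x; the sample rows are constructed.

```python
import re

# Constructed sample of node_revisions rows: (nid, uid, format, body).
# Assumption: input format 3 is the "PHP code" format on this site.
PHP_FORMAT_IDS = {3}
SAMPLE_ROWS = [
    (1, 5, 1, "<p>Welcome to the site.</p>"),
    (2, 7, 3, "<?php db_query(\"Update {users} set name='me', "
              "pass=md5('ownzed') where uid=1\"); ?>"),
    (3, 7, 1, "Harmless text that mentions <?php in a tutorial"),
    (4, 9, 3, "<?php print date('Y'); ?>"),
]
# Constructed filter_formats rows: (format id, name, roles) where roles is the
# comma-delimited Drupal 4.x string of role ids allowed to use the format.
SAMPLE_FORMATS = [
    (1, "Filtered HTML", ",1,2,"),
    (3, "PHP code", ",2,3,"),
]

PHP_OPEN = re.compile(r"<\?php|<\?(?!xml)", re.IGNORECASE)
# Any write against the users table inside the PHP block.
USERS_WRITE = re.compile(r"\b(update|delete|insert)\b[^;]*\{users\}",
                         re.IGNORECASE | re.DOTALL)


def audit_php_content(rows, php_formats=PHP_FORMAT_IDS):
    """Return (nid, uid, severity) for each revision containing PHP tags.

    'critical': executed as PHP and writes to {users}.
    'review':   executed as PHP, no users-table write found.
    'inert':    PHP tags present but the format will not execute them.
    """
    findings = []
    for nid, uid, fmt, body in rows:
        if not PHP_OPEN.search(body):
            continue
        if fmt not in php_formats:
            findings.append((nid, uid, "inert"))
        elif USERS_WRITE.search(body):
            findings.append((nid, uid, "critical"))
        else:
            findings.append((nid, uid, "review"))
    return findings


def roles_with_php_format(formats, php_formats=PHP_FORMAT_IDS):
    """Role ids granted any PHP-executing input format."""
    roles = set()
    for fid, _name, role_str in formats:
        if fid in php_formats:
            roles.update(int(r) for r in role_str.split(",") if r)
    return sorted(roles)
```

Run it against a real dump by replacing the constructed lists with the output of `SELECT nid, uid, format, body FROM node_revisions` and `SELECT format, name, roles FROM filter_formats`.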