[development] Remove PHP filter by default
Morbus Iff
morbus at disobey.com
Sun Jan 29 21:33:37 UTC 2006
> We have investigated the ways to become SU. in drupal 4.7 there are at least 7
> totally different ways of rooting (for becoming SU is that, exactly) a drupal
> site. Nearly all are related to gaining PHP rights, then using that to change
I'm confused - how can a PHP input filter cause a user to become root,
when PHP execs itself in the user space of the Apache process?
--
Morbus Iff ( god less america )
Technical: http://www.oreillynet.com/pub/au/779
Culture: http://www.disobey.com/ and http://www.gamegrene.com/
icq: 2927491 / aim: akaMorbus / yahoo: morbus_iff / jabber.org: morbus
More information about the development
mailing list