[development] Remove PHP filter by default
Karoly Negyesi
karoly at negyesi.net
Sun Jan 29 21:39:52 UTC 2006
On Sun, 29 Jan 2006 22:33:37 +0100, Morbus Iff <morbus at disobey.com> wrote:
>> We have investigated the ways to become SU. in drupal 4.7 there are at
>> least 7 totally different ways of rooting (for becoming SU is that,
>> exactly) a drupal site. Nearly all are related to gaining PHP rights,
>> then using that to change
>
> I'm confused - how can a PHP input filter cause a user to become root,
> when PHP execs itself in the user space of the Apache process?
Berkes means "Drupal root" obviously.
More information about the development
mailing list