system("cat /etc/fam.conf");

Discussion in 'General' started by ivomendonca, Nov 21, 2009.

  1. ivomendonca

    ivomendonca Banned

    Hello, in my servers i see all files in harddrive using the system(); command in php.
    using fast-cgi and secure server settings.

    Is this normal?

    Thanks.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, thats normal. If a file is world readable like /etc/fam.conf, then every user of the linux system can see the file with system or exec. To prevent this you should always disable functions like exec, system and passthru by adding them to the disable_functions line in the php.ini that is used for cgi and mod_php. Do not add it to the php.ini used for cli as this would disable the ispconfig daemon.
     

Share This Page