[SUCS Devel] [Git][sucssite/sucs-site][sucs-site] 3 commits: stop .forward file being a symlink
Imran Hussain
imranh at sucs.org
Mon Apr 3 12:59:19 BST 2017
On 03.04.2017 12:52, Andrew Price wrote:
>> Could just read the file and do input validation? .forward is
>> supposed
>> to contain a email address, so why not just read and then use php
>> email
>> validation stuff to check. OR have code in the sucssite that reads
>> the
>> first line of a filer and looks for a string and if that's there
>> then
>> don't read the rest of the file? So in cases of the original exploit
>> have "//pls don't display on the sucs site" as the first line and
>> get
>> the sites code to check for that?
>
> You'd still be able to read someone else's .forward in that case?
That's not the problem. The problem is reading files such as
/var/www/sucssite/suapi.inc.php that only apache should be able to read.
> One way to do it would be to do something like (pseudocode):
>
> fd = open("/home/foo/.forward");
> readlink("/proc/self/fd/" . $fd, &link);
> if (link == "/home/foo/.forward") {
> // read it
> }
> close(fd);
Hmmmmm
--
Imran Hussain
https://sucs.org
More information about the Devel
mailing list