[CC:102] Issue 25 in codechecker: Prevent users from opening files
1 view
Skip to first unread message
codec...@googlecode.com
Apr 27, 2010, 2:29:46 PM4/27/10
to codec...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 25 by sp2hari: Prevent users from opening files
http://code.google.com/p/codechecker/issues/detail?id=25
What steps will reproduce the problem?
1. Let us assume my mysql config file is at /var/www/app/config.php
2. Allow PHP submissions in codechecker and submit the file which has
following code
3. echo file_get_contens("/var/www/app/config.php")
What is the expected output? What do you see instead?
Expected output is something like permission denied or something. But
instead the file contents are displayed
What version of the product are you using? On what operating system?
Current Version. Linux/Ubuntu
Please provide any additional information below.
Is there any way we can prevent the users from opening unwanted files?
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--
Subscription settings: http://groups.google.com/group/codechecker/subscribe?hl=en
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 25 by sp2hari: Prevent users from opening files
http://code.google.com/p/codechecker/issues/detail?id=25
What steps will reproduce the problem?
1. Let us assume my mysql config file is at /var/www/app/config.php
2. Allow PHP submissions in codechecker and submit the file which has
following code
3. echo file_get_contens("/var/www/app/config.php")
What is the expected output? What do you see instead?
Expected output is something like permission denied or something. But
instead the file contents are displayed
What version of the product are you using? On what operating system?
Current Version. Linux/Ubuntu
Please provide any additional information below.
Is there any way we can prevent the users from opening unwanted files?
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--
Subscription settings: http://groups.google.com/group/codechecker/subscribe?hl=en
codec...@googlecode.com
Oct 25, 2010, 4:25:52 AM10/25/10
to codec...@googlegroups.com
Updates:
Status: Fixed
Status: Fixed
Comment #1 on issue 25 by krishnan...@gmail.com: Prevent users from opening
files
http://code.google.com/p/codechecker/issues/detail?id=25
e513888a4c fixes the above issue using chroot approach.
Reply all
Reply to author
Forward
0 new messages