Re: ping22: can not kill this process

To: debian-security@lists.debian.org
Subject: Re: ping22: can not kill this process
From: "Javier Fernandez-Sanguino" <jfs@computer.org>
Date: Fri, 4 Jan 2008 12:37:35 +0100
Message-id: <[🔎] f3c99a80801040337n557c828p3efbce8c8285a7a1@mail.gmail.com>
In-reply-to: <[🔎] 20080104064648.GN28885@linuxmafia.com>
References: <91dd90da0712301159s3f629c4bsc288aa96a810295d@mail.gmail.com> <E1J99PE-0000a1-00@calista.eckenfels.net> <91dd90da0712301828n6cbea16eq38909526270d2757@mail.gmail.com> <200712311403.53794.jan@stephan.homeunix.net> <[🔎] 91dd90da0801011610u15d93179n27c9bedfd31e62e0@mail.gmail.com> <[🔎] c1a7b3c90801011721y75b45107r92a5f39adb22b43b@mail.gmail.com> <[🔎] 91dd90da0801011846k7e01050du33f6589f27403ef2@mail.gmail.com> <[🔎] 91dd90da0801031518o767a5937je92550695aa66f4f@mail.gmail.com> <[🔎] c1a7b3c90801031755l7accf08dk6bd8343909834d69@mail.gmail.com> <[🔎] 20080104064648.GN28885@linuxmafia.com>

2008/1/4, Rick Moen <rick@linuxmafia.com>:
> Quoting Luis Mondesi (lemsx1@gmail.com):
>
> > It's time to tell PHP (via php.ini) not to allow any of those
> > functions that allow executing stuff from the system (system,
> > passthru, whatever).
>
> Amen to that.  Good starting point:
>  disable_functions = system, exec, passthru, popen, escapeshellcmd, shell_exec

Even better: /usr/share/doc/php5-common/examples/php.ini-paranoid
(it includes some more functions in that definition)

IIRC it includes those and some more. You might want to diff your
php.ini copy to that one to see the different things you could do to
improve your PHP installation.

Regards

Javier

Reply to:

Follow-Ups:
- Re: ping22: can not kill this process
  - From: Rick Moen <rick@linuxmafia.com>

References:
- Re: ping22: can not kill this process
  - From: "Mike Wang" <comritesecurity@gmail.com>
- Re: ping22: can not kill this process
  - From: "Luis Mondesi" <lemsx1@gmail.com>
- Re: ping22: can not kill this process
  - From: "Mike Wang" <comritesecurity@gmail.com>
- Re: ping22: can not kill this process
  - From: "Mike Wang" <comritesecurity@gmail.com>
- Re: ping22: can not kill this process
  - From: "Luis Mondesi" <lemsx1@gmail.com>
- Re: ping22: can not kill this process
  - From: Rick Moen <rick@linuxmafia.com>

Prev by Date: Install process certification
Next by Date: Re: ping22: can not kill this process
Previous by thread: Re: ping22: can not kill this process
Next by thread: Re: ping22: can not kill this process
Index(es):
- Date
- Thread