Results 1 to 2 of 2
  1. #1

    getcwd() function, security issue ?

    What you guys think if I disable function getcwd() at my php.ini file ?

    I run cPanel and I am trying to fight against web shells ran on my servers.

    Disabling that will cause trouble for many customers script ? What are your thoughts ?
    Dedicated Servers, Managed OpenStack Cloud, Colocation and Managed Colocation in Brazil
    Privately owned 10,000 server capacity Data Center

  2. #2
    Join Date
    Apr 2000
    This, like many other functions, are not a threat in and of themselves. It all depends on what you are using it for, how it's being used and if it can be used outside of the expected parameters somehow. I don't think it should pose a problem, but it all depends. There are too many ways to create an insecure script by mistake and you can't prevent that. Provided the server is set up securely, it shouldn't pose an issue. The fact is, it can be easily gotten around, and there are other means to have someone create the same problem otherwise, too.

    You have to expect that user's will have vulnerable scripts, or expect them to be the enemy, in a matter of speaking. Protect yourself (your server) from them and their scripts, so they can run their scripts without problems or errors, and so you and your other clients remain protected from security and load issues. If you do this, you don't have to make the client's suffer in an attempt to better secure your setup/server. After all, there's a ton of ways people can open up the same problems via functions that you can't disable anyway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts