[Pmwiki-users] Wiki Article in IX
Nils Knappmeier
nk
Wed Mar 31 06:29:09 CST 2004
Hi,
>* I'm not sure where the article gets the idea that PmWiki allows
> write access to PHP scripts, to be honest, except for a few
> brief moments during installation.
>
>
As I understand it, the point is that the server has to be configured in
a way that allows PHP Script to write on the hard disk, even if executed
by a user. It's something for the server administrator to consider, not
for the one who installs the wiki.
They're wrong in so far, as there are safety measure like PHP safemode
that only gives the user restricted access to the disk.
If the server is not running safe mode to restrict access for users to
certain directories, the user could indeed destroy the whole /var/www
(which is usually owned by www-data or so), because PHP always runs as
http-user (even when executed from a user homepage).
On the other hand, a malicous PHP script in /var/www could be used to
destroy your wiki.d directory, since that script would certainly not be
running in safemode.
Nils
More information about the pmwiki-users
mailing list