Running gallery?

troy fryman at sonic.net
Tue Feb 11 15:23:33 PST 2003


On Mon, Feb 10, 2003 at 10:29:21AM -0800, error wrote:
> So yesterday I was installing gallery and I found a huge security hole.
> The entire gallery.sf.net project has a really bad security model.
> 
> I made a really fast boring advisory here:
> 
> http://online.securityfocus.com/archive/1/311161/2003-02-07/2003-02-13/0
> 

Maybe I read this wrong, but this doesn't seem to have much to do with
gallery.  You're going to run into this wherever you have multiple users
whose cgi's run as the webserver UID, and webserver UID writable files
and dirs.  CGIwrap would help in this case.

The safe_mode thing *is* annoying though.  And gallery doesn't seem to work on
php 4.3 (because of a register_globals side effect that has been fixed in
php 4.3).  So there's definitely some code cleanup to be done.  I *think*
that gallery is reasonably safe if you're running it on a server without
untrusted users w/cgi access.  Meaning, I don't see any XSS issues with
form input, or other client side trickery.

If I'm mistaken, I'd like to know 'cause I have a gallery installation
up :)

-troy
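
An audit for the condition described in the reply above (files and directories that the shared webserver UID can write), as an added example that is not part of the original post or of Gallery's code. The directory layout, file names and the UID passed to audit() are constructed for illustration.

```python
import os
import stat
import tempfile

def writable_by(st, uid, gids):
    """Return the POSIX permission class ('owner', 'group', 'other') that lets
    uid/gids write to the file described by stat result st, or None."""
    if st.st_uid == uid:                      # owner class applies exclusively
        return "owner" if st.st_mode & stat.S_IWUSR else None
    if st.st_gid in gids:                     # then group class
        return "group" if st.st_mode & stat.S_IWGRP else None
    return "other" if st.st_mode & stat.S_IWOTH else None

def audit(root, uid, gids):
    """List (relative path, class) for every file or directory under root that
    a process running as uid/gids (e.g. the web server) can modify."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):      # a symlink's own mode is not meaningful
                continue
            why = writable_by(st, uid, gids)
            if why:
                findings.append((os.path.relpath(path, root), why))
    return sorted(findings)

def demo():
    """Constructed shared-host layout: alice opened her tree to the web
    server with 777/666 modes, bob did not."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        dirs = [("alice", 0o755), ("alice/albums", 0o777),
                ("bob", 0o755), ("bob/albums", 0o755)]
        files = [("alice/config.php", 0o666), ("bob/config.php", 0o644)]
        for rel, mode in dirs:
            os.mkdir(os.path.join(root, rel))
            os.chmod(os.path.join(root, rel), mode)   # explicit, ignores umask
        for rel, mode in files:
            open(os.path.join(root, rel), "w").close()
            os.chmod(os.path.join(root, rel), mode)
        # Stand-in for the web server: a UID that owns nothing here, no groups.
        return audit(root, os.getuid() + 1, set())

if __name__ == "__main__":
    for rel, why in demo():
        print(f"{why:5} {rel}")
```

Anything this reports is also writable by every other user's CGI or PHP script that runs under the same UID, which is the case CGIwrap addresses by running each user's scripts under that user's own UID.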


