|
|
最近在查看LuManager的php设置时, 发现了一个不安全的设置... 具体出现php的open_basedir设置上..
为了系统安全, 而设置open_basedir 参数, 但看到LuManager创建新站的时候, 会把新站的地址写入到open_basedir里面.. 而这个变量(是否是变量? 不懂php哈) 会被用户获取到, 这样导致此端口下的虚拟主机绝对路径被获取.. 对其他的虚拟产生危险了...
- /home/ftp/1520/www_baidu_com-20110528-cAd/test.com/:/home/ftp/1520/wyxk_cn-20110530-yZi/wyxk.cn/:/home/ftp/1520/neo-20110529-Pnl/neo/:/home/ftp/1520/1com-20110521113832-gbBxnU/qianduan.com/:/home/ftp/1520/hanzi-20110529-LUi/1118.3322.org/:/home/ftp/1520/meditalking-20110529-bFl/www.meditalking.com/:/home/ftp/1520/www_baidu_com-20110528-cAd/www.baidu.com/:/home/ftp/1520/chinatest-20110528-wDl/chinatest.us/:/home/ftp/1520/test_s0ft_info-20110528-JGP/test.s0ft.info/:/home/ftp/1520/ls-20110528-boO/lsdk/:/home/ftp/1520/zijideluyr-20110527-kLZ/test.yrapp.com/:/home/ftp/1520/1com-20110521113832-gbBxnU/www.hxdg.com/:/home/ftp/1520/windphp_com-20110527-djg/test.windphp.com/:/home/ftp/1520/1com-20110521113832-gbBxnU/zijideluzb.com/:/home/ftp/1520/dig_hk-20110527-pGW/t.dig.hk/:/home/ftp/1520/sudu123-20110527-fdA/sudu123/:/home/ftp/1520/www_gaokede_com-20110527-sYT/www.gaokede.com/:/home/ftp/1520/43243_com-20110527-diG/43243.com/:/home/ftp/1520/shop_123-20110527-htZ/shop.zijidelu.org/:/home/ftp/1520/abcfd_com-20110527-rVx/abcfd.com/:/home/ftp/1520/bbs-20110527-Nzj/bbs/:/home/ftp/1520/sun_lan-20110526-Uwd/testdz.com/:/home/ftp/1520/zijideluaaa-20110527-DcK/testdz.com/:/home/ftp/1520/www_abcd123_com-20110527-hRf/www.abcd123.com/:/home/ftp/1520/06zsb_cn-20110527-IOx/06zsb.cn/:/home/ftp/1520/ffdd-20110527-KXT/ffdd/:/home/ftp/1520/ph-20110527-Qxe/ph/:/home/ftp/1520/sffd-20110527-tDN/sffd/:/home/ftp/1520/i_com-20110527-fju/i.com/:/home/ftp/1520/p_com2-20110527-XiE/p.com2/:/home/ftp/1520/kenna-20110527-erl/kenna/:/home/ftp/1520/rewer_com-20110527-WpS/rewer.com/:/home/ftp/1520/sdfdef-20110526-cfn/sdfdef/:/home/ftp/1520/sun_lan-20110526-Uwd/sun.lan/:/home/ftp/1520/kxtc1-20110526-uJF/kxtc1.zijidelu.org/:/home/ftp/1520/test_henter_me-20110526-YdD/test.henter.me/:/home/ftp/1524/fwre-20110525-cVB/www.aiganyu.com/:/home/ftp/1520/www_163_com-20110526-Efm/www.163.com/:/home/ftp/1520/job7788_com-20110526-Eox/job7788.com/:/home/ftp/1520/yinzhou2-20110525-DiU/www.1234562.com/:/home/ftp/1520/t_dig_hk-20110525-Zqi/t.dig.hk/:/home/ftp/1520/ktvclub_net-20110524-nkV/ktvclub.net/vip/:/home/ftp/1520/ktvclub_net-20110524-nkV/ktvclub.net/:/home/ftp/1520/keniula_com_cn-20110523-uih/keniula.com.cn/:/home/ftp/1520/p_com-20110523-GiN/p.com/:/home/ftp/1520/iweibo_com-20110523-WLO/iweibo.com/:/home/ftp/1520/xweibo_com-20110523-XJp/xweibo.com/:/home/ftp/1520/haha_1_com-20110523-QIY/haha-1.com/:/home/ftp/1520/discuz_1_5_com-20110523-ARL/discuz.1.5.com/:/home/ftp/1520/ecshop_com-20110523-BLG/ecshop.com/:/home/ftp/1520/ecgroupon_com-20110523-DJu/ecgroupon.com/:/home/ftp/1520/discuz_net-20110523-jbd/discuz.net/:/home/ftp/1520/phpwind_net-20110523-laX/phpwind.net/:/home/ftp/1520/17lgb-20110522060425-aHMBAP/434.com/:/home/ftp/1520/1com-20110521113832-gbBxnU/4324.com/:/home/ftp/1520/17lgb-20110522060425-aHMBAP/www.17lgb.com/:/home/ftp/1520/1com-20110521113832-gbBxnU/1.com/:/home/ftp/1520/me_hf35_net-20110620-rcp/me.hf35.net/:/tmp:/var/tmp
这个是测试地址的部分网站目录.
------------------------------------------------------------------------------------------
在启动memcache的时候发现没有监听端口, 但是程序还是运行的, 查看是memcached启动参数问题.
- /usr/local/memcached/bin/memcached -d -m 128 -u root -p 11211 -c 1024 -p /var/run/memcached.pid
请爱洞查看..
|
|
IP卡
狗仔卡
发表于 2011-8-30 09:49:52
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主