Safe_mode and dl() function

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Icarus2004
Forum Newbie
Posts: 1
Joined: Mon Apr 11, 2005 12:55 pm

Post by Icarus2004 »

Hi

We had a problem last Friday when we were hacked.
Someone found an account password and uploaded three files. One of them was a PHP file that used dl() to load a library loaded by the hacker, which changed Apache, and every site resolved to a spyware page.

We disabled the dl function in php.ini and solved the problem, but when we compiled our Apache, and afterwards, when we found the problem, we knew that safe_mode should deactivate the dl function, but in our case that didn't happen.

As we understand from the php.net function list, under the dl function you can find this info: "If the functionality of loading modules is not available (see Note) or has been disabled (either by turning it off enable_dl or by enabling safe mode in php.ini) an E_ERROR is emitted and execution is stopped"

Our box has cPanel/WHM and we have everything updated.
(RH 9, Apache 1.3.33, php 4.3.10)

So we have fixed the problem, but want to know if anyone knows why the dl function loaded that library when we have safe_mode enabled?

Thanks in advance
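
An added example, not part of the original post: a small Python audit that reads php.ini text and reports whether dl() is explicitly blocked through enable_dl or disable_functions, the php.ini-level controls the post mentions, instead of depending on safe_mode alone. The sample php.ini contents and the function names are constructed for illustration, and the script looks only at php.ini, not at overrides in the Apache configuration.

```python
# Added example: audit php.ini text for explicit dl() controls.
# Assumption: only php.ini is examined; Apache-level overrides are not.

# Values PHP uses when a directive is absent from php.ini.
DEFAULTS = {"enable_dl": "1", "safe_mode": "0", "disable_functions": ""}
TRUE_VALUES = {"1", "on", "yes", "true"}

def parse_php_ini(text):
    """Return effective directive values; the last assignment wins."""
    values = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue                          # blank line or [section] header
        key, value = line.split("=", 1)
        values[key.strip()] = value.strip().strip("\"'")
    return values

def audit_dl(text):
    """Say whether dl() is blocked by enable_dl or disable_functions."""
    ini = parse_php_ini(text)
    enable_dl = ini["enable_dl"].lower() in TRUE_VALUES
    safe_mode = ini["safe_mode"].lower() in TRUE_VALUES
    disabled = {f.strip().lower() for f in ini["disable_functions"].split(",")}
    blocked = (not enable_dl) or ("dl" in disabled)
    findings = []
    if enable_dl:
        findings.append("enable_dl is on (set or by default)")
    if "dl" not in disabled:
        findings.append("dl is not listed in disable_functions")
    if safe_mode and not blocked:
        findings.append("safe_mode is the only setting expected to stop dl()")
    return {"blocked": blocked, "safe_mode": safe_mode, "findings": findings}

# Constructed samples: the first mirrors the post (safe_mode on, no explicit
# dl() control); the second adds the explicit settings.
SAFE_MODE_ONLY = """[PHP]
safe_mode = On
; enable_dl = Off
"""
HARDENED = """[PHP]
safe_mode = On
enable_dl = Off
disable_functions = "exec, dl"
"""

if __name__ == "__main__":
    for name, text in (("safe_mode only", SAFE_MODE_ONLY), ("hardened", HARDENED)):
        print(name, audit_dl(text))
```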