![]() ![]() ![]() The file that was accessed on this path first will be stored by opcache and be used by any interpreters executing the same file later on.Įven without a chroot it is often easy to predict where files of another user on the same server will be located and they can still be included circumventing any file permissions set on these files even if PHP executes as the correct user (made even more trivial to figure out interesting files if access to the opcache_get_status() function is not restricted by the host).Įxample is in the "test script" below which shortly shows my relevant config lines. When turning on opcache in commonly used hosting environments where users are chrooted it is very easy to get key collissions as the full path of a file in a chroot can commonly be /wp-config.php. PHP's opcache seems to create keys for files it caches based on their filepath (including the cwd when the option e_cwd is set). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |