Folder security bug


#1

We using easyengine with multiply sites on server. We using php7 The problem is what php process have write access to all folders on servers. Example: if I have sites in folders /var/www/site1 and /var/www/site2 And I put file in /var/www/site1/test.php with code

$file = fopen('/var/www/rehitim.wg1.tempurl.tk/htdocs/test.php', 'w');
fwrite($file, '<?php echo "Hack site";?>');

I can write to file /var/www/site2/infected.php Its very basic security bug.

Please help.


#2

Just edit your php.ini file and set safe_mode = On More info about php safe_mode : http://php.net/manual/en/features.safe-mode.functions.php


#3