Server IP : 103.119.228.120 / Your IP : 3.129.195.254 Web Server : Apache System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64 User : nobody ( 99) PHP Version : 5.6.40 Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime MySQL : ON | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/share/doc/gamin-0.1.10/ |
Upload File : |
If there is abstract socket support: ==================================== use them as "\0/tmp/fam-$USER-$GAM_CLIENT_ID" They are not mapped on the filesystem, no attack is possible that way. The client and the server checks on the first '\0' byte received that the other side is of the same UID If there is no abstract socket support: ======================================= Server side: ------------ start: try to create /tmp/fam-$USER using mkdir('/tmp/fam-$USER', 007) if error: make a stat() on it if doesn't exist: return failure to create if user is not getuid() or mode is not 007 or type is not dir: try to unlink() if error: exit with error. if success: goto start: do the socket()/bind() on /tmp/fam-$USER/fam-$GAM_CLIENT_ID Client side: ------------ make a stat on /tmp/fam-$USER if doesn't exist: return failure to create should start the server if user is not getuid() or mode is not 007 or type is not dir: try to unlink() if error: exit with error. if success: return failure should start the server make a stat on /tmp/fam-$USER/fam-$GAM_CLIENT_ID if doesn't exist: return failure to create should start the server if user is not getuid() or type is not socket: try to unlink() if error: exit with error. if success: return failure should start the server do the socket()/connect() on /tmp/fam-$USER/fam-$GAM_CLIENT_ID The client and the server checks on the first '\0' byte received that the other side is of the same UID.