��ܵ��Ĺ��

�� PHP Ƕ�뵽�� Apache��Ϊһ��ģ�鰲װ�Ļ��ѡ�� CGI ��ģʽ��װ��߰� PHP ��ڲ�ͬ�� CGI ��װ�Ա�Ϊ��봴��ȫ�� chroot �� setuid ��ְ�װ��ʽͨ�� PHP �Ŀ�ִ��ļ��װ�� web �� cgi-bin Ŀ¼��CERT �� » CA-96.11 ��鲻Ҫ��κεĽ��ŵ� cgi-bin Ŀ¼�� PHP ��Ϊһ��Ľ��ʹ��Է�ֹ��͵Ĺ��

��ϵͳ�ļ��http://my.host/cgi-bin/php?/etc/passwd �� URL ��ʺţ�?��Ϣ�ᴫ�� CGI �ӿ��Ϊ��еĲ��Ľ��д򿪲�ִ�е�һ��ָ��ļ�� ǣ�� CGI ģʽ��װ�� PHP ��ʱ��ܾ��Щ��
��ʷ��ϵ��Ŀ¼��http://my.host/cgi-bin/php/secret/doc.html ��PHP ��Ŀ¼�� URL ��Ϣ /secret/doc.html ��еش�� CGI ��򲢽��н��͡�ͨ��һЩ web ��ĻὫ��ض��ҳ�棬�� http://my.host/secret/script.php��Ļ��ĳЩ��ȼ��û�� /secret Ŀ¼��Ȩ�ޣ�Ȼ��Żᴴ�� http://my.host/cgi-bin/php/secret/script.php �ϵ�ҳ��ض��򡣲��ҵ��ǣ��ܶ��û�м��û�� /secret/script.php ��Ȩ�ޣ�ֻ�� /cgi-bin/php ��Ȩ�ޣ��κ��ܷ�� /cgi-bin/php ��û��Ϳ��Է�� web Ŀ¼�µ��ļ��ˡ� �� PHP ���ʱ��ѡ�� --enable-force-cgi-redirect �Լ��ʱ��ָ�� doc_root �� user_dir ��Ϊ��ϵ��ļ��Ŀ¼��ƣ��ڷ�ֹ��๥��潫�Ը��ѡ��ý��ϸ��⡣

�����ܵ��Ĺ���

��ܵ��Ĺ��