Home About Articles Contact Library Projects
Consortium News
Fri, 20 Oct 2006
PHP Security Consortium Launches New Project - PHPSecInfo

Wed, 16 Nov 2005
Daniel Convissor Elected as Principal

Promotional Links
Please support us by providing a link to the PHP Security Consortium on your web site. You can also use our promotional image:

PhpSecInfo Test Information

group_id

Test Description

Checks the group ID of the PHP process to see if it is less than 100. If the executing user belongs to more than one group, the lowest group ID it belongs to used.

Security Implications

Group IDs under 100 are generally reserved for privileged/system users. If PHP executes as a group ID under 100, it may have access to read or manipulate system files.

Recommendations

Change the user and group that PHP executes as. If you're using the Apache module, you'll need to change what user Apache runs as with the User and Group directives. If PHP is executing as a CGI, look at a method of executing CGIs as a non-privileged user like Apache's suEXEC or mod_suPHP.

More Information

« Test information index
Get PhpSecInfo