Re: PHP 4.1.1 security bug
From: Tobias Roth (roth@iamexwi.unibe.ch)
Date: 02/28/02
- Next message: Eric Anderson: "Re: Changing Passwords through the web"
- Previous message: Peter Pentchev: "Re: cvsup"
- Maybe in reply to: Mit Rowe: "PHP 4.1.1 security bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Feb 2002 11:55:10 +0100 From: Tobias Roth <roth@iamexwi.unibe.ch> To: freebsd-security@freebsd.org
> On Wed, Feb 27, 2002 at 01:11:23PM -0500, Mit Rowe wrote:
> > Ref:
> > http://www.php.net
> > http://security.e-matters.de/advisories/012002.html
>
> The advisory mentions a workaround (Recommendation) for php4
> (file_uploads in php.ini), but nothing for php3 - does anyone know if
> there is something that can be done for that besides disabling it?
> (until it's finished recompiling, I mean)
I tried this workaround, but I don't know if everything is ok:
with file_uploads = On, phpinfo() shows file_uploads = 1
with file_uploads = Off, phpinfo() shows file_uploads = no value
so is 'no value' OK? I'd rather see a 'Off' instead
cheers, T.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Eric Anderson: "Re: Changing Passwords through the web"
- Previous message: Peter Pentchev: "Re: cvsup"
- Maybe in reply to: Mit Rowe: "PHP 4.1.1 security bug"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
