Re: Question on recent PHP VuXML info
- From: "Simon L. Nielsen" <simon@xxxxxxxxxxx>
- Date: Tue, 9 Sep 2008 22:49:59 +0200
On 2008.09.08 09:18:18 -0700, Jeremy Chadwick wrote:
> On Mon, Sep 08, 2008 at 08:33:49AM -0700, Andrew Storms wrote:
> > Not sure if this is the correct place for VuXML questions, but the FreeBSD
> > VuXML list (http://lists.freebsd.org/pipermail/freebsd-vuxml/) looks pretty
> > dead given the last update was in 2007 according to the archives.
> >
> > We were previously tracking this entry, which pretty much sat for a while
> > without an applicable upgradeable resolution available.

While I haven't looked into the details of this particular entry
(Jille and Jeremy did that well), I just want to take this opportunity
to point out that "safe_mode" is broken... From the particular entry:

    It should be noted that this vulnerability is not
    considered to be serious by the FreeBSD Security Team,
    since safe_mode and open_basedir are insecure by design and
    should not be relied upon.

We (secteam) have seriously debated if it was worth documenting
"safe_mode" issues at all, but the compromise was just to add
something similar to the above text.

--
Simon L. Nielsen
FreeBSD Security Team