From: [EMAIL PROTECTED] Operating system: Linux PHP version: 4.0.1pl2 PHP Bug Type: Unknown/Other Function Bug description: Require command reads /etc/passwd Hello, I have found a bug in PHP 4.01pl2 and maybe it exist in all other php versions too. A php script can read all files on the system when the read flag for everyone is set for that file. This code shows the problem: <? require('../../../../../../../etc/passwd'); ?> It is not a very serious bug but by reading local files a hacker might get important information he (or she) could use to hack into the system. Bye Sebastian Wolfgarten -- Edit Bug report at: http://bugs.php.net/?id=9353&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]