ID: 13268 Updated by: yohgaki Reported By: [EMAIL PROTECTED] Old Status: Open Status: Analyzed Bug Type: Session related Operating System: linux PHP Version: 4.0CVS-2001-09-12 New Comment:
Will this be changed? Any one want me to fix it by adding addtional ini entry? Previous Comments: ------------------------------------------------------------------------ [2001-09-12 13:57:13] [EMAIL PROTECTED] php (from 4.0.6 and the latest cvs code), has PS_MM_PATH statically defined in ext/session/mod_mm.c. This, coupled with hardcoding of only an extension in libmm.so, allows for a very easy DOS on systems that use session management for at least cgi and external binary placements for php, and quite possibly module installation. Is it produceable? sure.. touch /tmp/session_mm.sem (if using php and mm) ------------------------------------------------------------------------ Edit this bug report at http://bugs.php.net/?id=13268&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
