ID: 13268 Updated by: yohgaki Reported By: [EMAIL PROTECTED] Old Status: Analyzed Status: Assigned Bug Type: Session related Operating System: linux PHP Version: 4.0CVS-2001-09-12 Old Assigned To: Assigned To: yohgaki New Comment:
Assign to myself Previous Comments: ------------------------------------------------------------------------ [2001-12-19 22:37:49] [EMAIL PROTECTED] Will this be changed? Any one want me to fix it by adding addtional ini entry? ------------------------------------------------------------------------ [2001-09-12 13:57:13] [EMAIL PROTECTED] php (from 4.0.6 and the latest cvs code), has PS_MM_PATH statically defined in ext/session/mod_mm.c. This, coupled with hardcoding of only an extension in libmm.so, allows for a very easy DOS on systems that use session management for at least cgi and external binary placements for php, and quite possibly module installation. Is it produceable? sure.. touch /tmp/session_mm.sem (if using php and mm) ------------------------------------------------------------------------ Edit this bug report at http://bugs.php.net/?id=13268&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]