The fact that 3rd party libs can load arbitrary files is not a new concept. Every time I give a moderately detailed PHP talk I mention the fact that there is a way to load a file through the oci8 libs. Of course it can be done through the mysql libs as well. This is not a new concept. All someone would have had to do to learn of this "vulnerability" would have been to go to any of the PHP talks I have given in the past 3 years.
We will not scan queries to catch these. Safe mode is a crappy fix to a problem that isn't ours.

-Rasmus

On Tue, 5 Feb 2002, Andi Gutmans wrote:

> We have always said that safe mode isn't very safe. I'm sure there are
> other ways of circumventing it.
> Unless a few people focus specifically on safe mode I don't think this will
> change.
>
> Andi
>
> At 12:26 AM 2/5/2002 -0500, James E. Flemer wrote:
> >BTW I just noticed that this has been entered as bug
> >#15375.
> >
> >
> >--
> >PHP Development Mailing List <http://www.php.net/>
> >To unsubscribe, visit: http://www.php.net/unsub.php