Note, ezmlm is rejecting the attachment, so I have put it here:
http://www.php.net/~imajes/windows-php.zip .. Thanks, James -----Original Message----- From: James Cox [mailto:[EMAIL PROTECTED]] Sent: Friday, March 01, 2002 3:26 PM To: Php-Dev Cc: Php-Qa Subject: [PHP-QA] New Windows Binaries Hey All, Shane and I worked last night to build Windows versions of 4.1.2, and also fix a further vulnerability which exists when you call the cgi directly, for example in cgi with apache, it was possible to call http://example.com/php/php.exe?c:\winnt\repair\sam to get the equivalent of the /etc/passwd file. We have patched it so it is no longer possible to call it directly, so this vulenerability is at least worked around. Due to the fact that some webservers fix this by default anyway, we have 2 new ini options. (see them in the php.ini in the source). The particular one you'll need to set is cgi.force-redirect (0|1) so that for servers that are not exploitable (eg, IIS) you override the setting. I hope that made sense, check out the attached binaries... let us know if there are any problems. if not, i'll put them up on the website with detauiled (Thought out) install instructions for all those windows users, and add comments to the docs. Thanks, James -- James Cox :: [EMAIL PROTECTED] :: Landonize It! http://landonize.it/ Was I helpful? http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
