That's pretty interesting suff. This can only be good for the long term
health of PHP,
but we might seem some haxors attempting to exploit these 0days..better stay
patched!
I started off a c-coder, ... for anyone who's intrested in php internals (c
code)
the book 'Extending and Embedding PHP' is a great one.
- Ben
----- Original Message -----
From: "csnyder" <[EMAIL PROTECTED]>
To: "NYPHP Talk" <[email protected]>
Sent: Tuesday, February 20, 2007 6:59 PM
Subject: [nyphp-talk] Upcoming Month of PHP Bugs
So apparently we're in for a treat in March (as if daylight savings
time wasn't enough) as Stefan Esser will be publicizing a laundry list
of active vulnerabilities in PHP, one or more for each day of the
month.
http://www.securityfocus.com/columnists/432/
Here's somebody who had been working with the core developers to try
to get these things fixed, but has been frustrated to the point of
resorting to a "Month of Bugs" style publicity stunt. If what he says
is true, about overflows and other bugs being ignored, that's a pretty
major breakdown in quality control.
I don't know C, and I would have no idea what to look for in doing an
audit of PHP (the language) itself. But it seems (from Ilia's comments
anyway) that such an audit is long overdue.
So now I have to wonder, do IBM and Yahoo deploy stock PHP binaries?
Or do they carry out their own internal audits to discover and patch
the sloppier parts of the codebase?
--
Chris Snyder
http://chxo.com/
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
