I do not use PHP normally, but I use a couple of programs that do, such as squirrelmail. I am aware of several remote code execution vulnerabilities in some PHP versions. I am also aware that in many cases, these vulnerabilities require an unsecure configuration option in either the PHP install, or the software written to use PHP.
I was wondering if the PHP installed with Trustix (2.1, 2.2, 3.0) has been checked, so that the default options set in the trustix php package(s) are as secure as possible from the beginning. If not, what should I change to lock things down appropriately? [I'm going to Google next, but thought I might get a more thorough response from this list.] Thanks, Greg _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
