Chris Robertson wrote: >> Chris Robertson wrote: >>> Where's the posix api and dl-functionality report? Any specific >>> keywords to narrow it down? >> disable_*** in php.ini? > I thought you meant a vulnerability/exploit report...
Yup - peek at CVE-2007-3304. Requires php scripts to run in-process, you are hosting untrusted (or vulnerable) scripts. Most effective workaround whenever you run untrusted php scripts is to invoke php under cgiwrap/suexec as someone less than your wwwuser. Also simply don't permit php functions of dl/posix etc which manipulate arbitrary things on unix such as processes, dynanmic modules, memory, etc. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
