From owner-freebsd-questions@FreeBSD.ORG  Sun Oct 15 18:07:21 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4246316A47B
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Oct 2006 18:07:21 +0000 (UTC)
	(envelope-from pauls@utdallas.edu)
Received: from mail.stovebolt.com (webmail.stovebolt.com [66.221.101.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6F02D43D5C
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Oct 2006 18:07:18 +0000 (GMT)
	(envelope-from pauls@utdallas.edu)
Received: from [192.168.2.102] (adsl-65-69-141-242.dsl.rcsntx.swbell.net
	[65.69.141.242])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.stovebolt.com (Postfix) with ESMTP id 95FBB114307
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Oct 2006 13:08:26 -0500 (CDT)
Date: Sun, 15 Oct 2006 13:07:15 -0500
From: Paul Schmehl <pauls@utdallas.edu>
To: freebsd-questions@freebsd.org
Message-ID: <0F7C0CB4C34ECD44CCF3CDD0@paul-schmehls-powerbook59.local>
In-Reply-To: <453274C3.7090409@bsdunix.ch>
References: <45322A1D.8070204@hadara.ps>
	<20061015151215.15a4062e@loki.starkstrom.lan>
	<200610151239.12127.freebsd@dfwlp.com> <453274C3.7090409@bsdunix.ch>
X-Mailer: Mulberry/4.0.5 (Mac OS X)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=sha1;
	protocol="application/pkcs7-signature";
	boundary="==========64BA46DEEBADEB46244D=========="
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Re: PHP new vulnarabilities
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Oct 2006 18:07:21 -0000

--==========64BA46DEEBADEB46244D==========
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

--On October 15, 2006 7:49:55 PM +0200 Thomas <freebsdlists@bsdunix.ch>=20
wrote:
>
> Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You
> can use:
> make -DDISABLE_VULNERABILITIES install clean
> It will ignore the vuxml entry.
>
No offense, but anybody who *deliberately* installs a vulnerable version=20
of php in *today's* world, is an absolute fool.  Some of us are *stuck*=20
with the vulnerable version, because we installed before the vulnerability =

was found.  We can't go back because previous versions are *also*=20
vulnerable.

But *deliberately* installing it when you *know* it's vulnerable - and one =

of the most attacked applications on the internet?  Foolhardy doesn't=20
quite grasp the insanity of that.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

--==========64BA46DEEBADEB46244D==========--