From owner-freebsd-questions@FreeBSD.ORG Sun Oct 15 18:07:21 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4246316A47B for ; Sun, 15 Oct 2006 18:07:21 +0000 (UTC) (envelope-from pauls@utdallas.edu) Received: from mail.stovebolt.com (webmail.stovebolt.com [66.221.101.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F02D43D5C for ; Sun, 15 Oct 2006 18:07:18 +0000 (GMT) (envelope-from pauls@utdallas.edu) Received: from [192.168.2.102] (adsl-65-69-141-242.dsl.rcsntx.swbell.net [65.69.141.242]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.stovebolt.com (Postfix) with ESMTP id 95FBB114307 for ; Sun, 15 Oct 2006 13:08:26 -0500 (CDT) Date: Sun, 15 Oct 2006 13:07:15 -0500 From: Paul Schmehl To: freebsd-questions@freebsd.org Message-ID: <0F7C0CB4C34ECD44CCF3CDD0@paul-schmehls-powerbook59.local> In-Reply-To: <453274C3.7090409@bsdunix.ch> References: <45322A1D.8070204@hadara.ps> <20061015151215.15a4062e@loki.starkstrom.lan> <200610151239.12127.freebsd@dfwlp.com> <453274C3.7090409@bsdunix.ch> X-Mailer: Mulberry/4.0.5 (Mac OS X) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=sha1; protocol="application/pkcs7-signature"; boundary="==========64BA46DEEBADEB46244D==========" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: PHP new vulnarabilities X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Oct 2006 18:07:21 -0000 --==========64BA46DEEBADEB46244D========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On October 15, 2006 7:49:55 PM +0200 Thomas =20 wrote: > > Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You > can use: > make -DDISABLE_VULNERABILITIES install clean > It will ignore the vuxml entry. > No offense, but anybody who *deliberately* installs a vulnerable version=20 of php in *today's* world, is an absolute fool. Some of us are *stuck*=20 with the vulnerable version, because we installed before the vulnerability = was found. We can't go back because previous versions are *also*=20 vulnerable. But *deliberately* installing it when you *know* it's vulnerable - and one = of the most attacked applications on the internet? Foolhardy doesn't=20 quite grasp the insanity of that. Paul Schmehl (pauls@utdallas.edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/ --==========64BA46DEEBADEB46244D==========--