Date: Thu, 28 Feb 2002 11:55:10 +0100 From: Tobias Roth <roth@iamexwi.unibe.ch> To: freebsd-security@freebsd.org Subject: Re: PHP 4.1.1 security bug Message-ID: <20020228115510.A21754@klee.unibe.ch> In-Reply-To: <"from melange"@yip.org> References: <DBEMKGPNFGOGJHLMDNDJMEMGGCAA.mitayai@dreamlabs.com> <"from mitayai"@dreamlabs.com> <20020227152720.G40253@yip.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wed, Feb 27, 2002 at 01:11:23PM -0500, Mit Rowe wrote: > > Ref: > > http://www.php.net > > http://security.e-matters.de/advisories/012002.html > > The advisory mentions a workaround (Recommendation) for php4 > (file_uploads in php.ini), but nothing for php3 - does anyone know if > there is something that can be done for that besides disabling it? > (until it's finished recompiling, I mean) I tried this workaround, but I don't know if everything is ok: with file_uploads = On, phpinfo() shows file_uploads = 1 with file_uploads = Off, phpinfo() shows file_uploads = no value so is 'no value' OK? I'd rather see a 'Off' instead cheers, T. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020228115510.A21754>