On Sat, Nov 15, 2003 at 08:11:34PM -0600, Tom Goulet (UID0) wrote: > If you have register globals off *or* safe mode on, this particular > exploit is useless.
> If you had register globals on and safe mode off then he could run > arbitrary programs as your Apache user. It's possible he could run a > local root exploiting program, but that's not as likely. It really irritates me that people continue to use this when the php.ini file repeatedly warns (no, begs) you not to. Users requiring this to be set should be LARTed, and asked to recode their application. alex -- [EMAIL PROTECTED] Alex J. Avriette, Unix Systems Engineer "It's computationally FEROCIOUS." - Steve Jobs, discussing 64-bit computing -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
