Note that the bug is against a platform we strongly advise against using in any sort of production environment. Not that we shouldn't fix it if anybody can reproduce it (which I haven't heard anybody say they could), but there is a reason we are still telling people not to use Apache2+PHP in production.
-Rasmus

On Thu, 26 Jun 2003, shimi wrote:

> usually people with some responsibility in mind won't disclose a bug that
> might cause system to be penetrated, before the vendor had enough time to
> respond with an answer to the bug. if the bug he found might be a bug that
> would result in every server running PHP to be cracked, that's not good.
> The better thing to be is that he'll contact the PHP security team, which
> will fix the bug, roll out a new release which does not have the bug,
> announce that there is a security bug and that everyone should upgrade,
> and only something like a month afterwards, the author should post an
> advisory about the bug to the world, after people had the chance to
> protect themselves.
>
> of course, it is possible that the bug he found can't do anything to php,
> and in that case, i assume the security@ people will add it to the
> bugs.php.net database or something like that...
>
> On Thu, 26 Jun 2003, moshe doron wrote:
>
> > > limited, so before a check, every segfault *might* have security issues
> > > behind...
> >
> > in the bottom line, there were, there'll and probably there are such "security
> > issues" where the dealing is publicly/
> > in contrary there was in the past file uploading issue that cause to role pl.
> > where is the difference? the size of the overriding memory?
> >
> > --
> > moshe.
>
> --
> Best regards,
> Shimi
>
> ----
>
> "Outlook is a massive flaming horrid blatant security violation, which
> also happens to be a mail reader."
>
> "Sure UNIX is user friendly; it's just picky about who its friends are."
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php