On 15-Dec-06, at 6:18 PM, Stanislav Malyshev wrote:
And here is your first exploit, let's say we say
mysql_real_escape_string() takes tainted data and makes it
untainted, what happens when this "safe" data is passed to exec().
You are going to
I'd say you have really weird code if you do
mysql_real_escape_string() in order to pass the data to exec() ;)
I'd say you have pretty weird code if you do include $_POST['VAR'];
and yet people do exactly that.
need to deal with different levels of taint-untainted and 1 bit is
not going to give you that flexibility. You are going to need an
int/long, maybe even a long long.
What would be stored in this long long?
Bitmask identifying different taint modes.
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
