Christian Schneider:
> First of all: I've been playing around with it and it looks great!
>
> Some comments:
> 1) I added taint support to func_get_args() and func_get_arg(), a patch
> is attached.
Thanks. I will add a .phpt test script so that from now on it will
always work.
> 2) Maybe the fun
First of all: I've been playing around with it and it looks great!
Some comments:
1) I added taint support to func_get_args() and func_get_arg(), a patch
is attached.
2) Maybe the functions should be renamed to taint_xxx (e.g. taint_set,
taint_clear, taint_check or the like) to reside in their own
Wietse Venema:
> PHP compiles error-free with:
>
> $ fetch ftp://ftp.porcupine.org/pub/php/php-5.2.3-taint-20071103.tar.gz
> $ gzcat php-5.2.3-taint-20071103.tar.gz | tar xf -
> $ cd php-5.2.3-taint-20071103
> $ ./configure
And also with:
./configure --enable-taint
Wietse
> $ make
> $ l
Cristian Rodriguez:
> 2007/11/3, Wietse Venema <[EMAIL PROTECTED]>:
>
> > OK, I have updated the apache2 module SAPI, a
>
> The CGI sapi. using this tarball
> ftp://ftp.porcupine.org/pub/php/php-5.2.3-taint-20071103.tar.gz
>
> does not compile
>
> /home/cristian/php5.2.3-tainted/php-5.2.3-taint
2007/11/3, Wietse Venema <[EMAIL PROTECTED]>:
> OK, I have updated the apache2 module SAPI, a
The CGI sapi. using this tarball
ftp://ftp.porcupine.org/pub/php/php-5.2.3-taint-20071103.tar.gz
does not compile
/home/cristian/php5.2.3-tainted/php-5.2.3-taint-20071103/sapi/cgi/cgi_main.c:
In functi
Tomas Kuliavas:
> make distclean
> ./configure --prefix=/somepath/php \
> --with-config-file-path=/somepath/config/ \
> --with-apxs2=/somepath/apache/bin/apxs \
> --enable-taint \
> --enable-mbstring --disable-mbregex \
> --with-gettext=/usr \
[17 more lines deleted]
OK, I have updated the ap
> Tomas Kuliavas:
>> > A preliminary implementation of PHP taint support is available from
>> > ftp://ftp.porcupine.org/pub/php/ This code is released under version
>> > 2.00 of the Zend license.
>> >
>> > Below are fragments from the README file. For the full text please see
>> > ftp://ftp.porcupi
Tomas Kuliavas:
> > A preliminary implementation of PHP taint support is available from
> > ftp://ftp.porcupine.org/pub/php/ This code is released under version
> > 2.00 of the Zend license.
> >
> > Below are fragments from the README file. For the full text please see
> > ftp://ftp.porcupine.org/p
> A preliminary implementation of PHP taint support is available from
> ftp://ftp.porcupine.org/pub/php/ This code is released under version
> 2.00 of the Zend license.
>
> Below are fragments from the README file. For the full text please see
> ftp://ftp.porcupine.org/pub/php/php-5.2.3-taint-20071
Nuno Lopes:
> Hi,
>
> It sounds cool, indeed.
> The obvious question now is: how it performs with real-world applications?
This is the main reason I asked for feedback from the list :-)
> Have you been able to identify security bugs (either new or already known)?
> I don't have time to perform
Hi,
It sounds cool, indeed.
The obvious question now is: how it performs with real-world applications?
Have you been able to identify security bugs (either new or already known)?
I don't have time to perform these tests myself, but I would love to see
some results.
Regards,
Nuno
- Origi