Hosting Provided By

Re: ping22: can not kill this process

From: Rick Moen <rick(at)linuxmafia.com>
Date: Fri Jan 04 2008 - 01:46:48 EST

Quoting Luis Mondesi (lemsx1@gmail.com):

> It's time to tell PHP (via php.ini) not to allow any of those
> functions that allow executing stuff from the system (system,
> passthru, whatever).

Amen to that. Good starting point:
disable_functions = system, exec, passthru, popen, escapeshellcmd, shell_exec

Looking at the typical php.ini is faintly terrifying, starting with the almost invariably ignored warning comments at the top, saying these settings are for development environments only, and should never be exposed to public networks.

(I have various modest recommendations in "PHP" on http://linuxmafia.com/kb/Security/ .)

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Fri Jan 4 01:47:39 2008

This message: [ Message body ]
Next message: Bernd Eckenfels: "Re: ping22: can not kill this process"
Previous message: Mike Wang: "Re: ping22: can not kill this process"
In reply to: Luis Mondesi: "Re: ping22: can not kill this process"
Next in thread: Felipe Figueiredo: "Re: ping22: can not kill this process"
Reply: Felipe Figueiredo: "Re: ping22: can not kill this process"
Reply: Javier Fernandez-Sanguino: "Re: ping22: can not kill this process"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:53 EDT