Remote file inclusion vulnerabilities
Posted Oct 12, 2006 7:42 UTC (Thu) by StuHerbert
Parent article: Remote file inclusion vulnerabilities
Default installations of PHP on Gentoo are not vulnerable to this form of attack. We switched off the allow_url_fopen option back in 2003 . We have also long supported hardened-php.net's Hardened-PHP patch , which provides further protection against remote file inclusion. We'll shortly be shipping support for the Suhosin PHP security extension ; folks who want to test our support for that today can use the packages in the Gentoo PHP Project's overlay .
to post comments)