LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

An important PHP security update

An important PHP security update

Posted May 4, 2012 1:20 UTC (Fri) by xtifr (subscriber, #143)
Parent article: An important PHP security update

So FCGI is ok? (I don't have PHP installed, let alone deployed; I'm just curious.)

(Log in to post comments)

An important PHP security update

Posted May 4, 2012 2:14 UTC (Fri) by cortana (subscriber, #24596) [Link]

Seems to be (using mod_fcgid to be precise).

An important PHP security update

Posted May 4, 2012 2:29 UTC (Fri) by jmayer (subscriber, #595) [Link]

If I understand the problem description correctly (and I'm neither a web server expert nor a php expert) in order to trigger this problem you need to run php-scripts via the cgi module. If you run them via the fcgi or php modules your system shouldn't provide this feature.

An important PHP security update

Posted May 4, 2012 23:49 UTC (Fri) by branden (subscriber, #7029) [Link]

You know you're reading an article on the PHP language when a security hole is described, even inadvertently, as a "feature". ;-)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds