User: Password:
Subscribe / Log in / New account

Remote file inclusion vulnerabilities

Remote file inclusion vulnerabilities

Posted Oct 12, 2006 7:42 UTC (Thu) by StuHerbert (guest, #15663)
Parent article: Remote file inclusion vulnerabilities

Default installations of PHP on Gentoo are not vulnerable to this form of attack. We switched off the allow_url_fopen option back in 2003 [1]. We have also long supported's Hardened-PHP patch [2], which provides further protection against remote file inclusion. We'll shortly be shipping support for the Suhosin PHP security extension [3]; folks who want to test our support for that today can use the packages in the Gentoo PHP Project's overlay [4].


Best regards,

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds