Default installations of PHP on Gentoo are not vulnerable to this form of attack. We switched off the allow_url_fopen option back in 2003 . We have also long supported hardened-php.net's Hardened-PHP patch , which provides further protection against remote file inclusion. We'll shortly be shipping support for the Suhosin PHP security extension ; folks who want to test our support for that today can use the packages in the Gentoo PHP Project's overlay .
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds