
Remote file inclusion vulnerabilities

Posted Oct 12, 2006 7:42 UTC (Thu) by StuHerbert (guest, #15663)
Parent article: Remote file inclusion vulnerabilities

Default installations of PHP on Gentoo are not vulnerable to this form of attack. We switched off the allow_url_fopen option back in 2003 [1]. We have also long supported hardened-php.net's Hardened-PHP patch [2], which provides further protection against remote file inclusion. We'll shortly be shipping support for the Suhosin PHP security extension [3]; folks who want to test our support for that today can use the packages in the Gentoo PHP Project's overlay [4].

[1] http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ph...
[2] http://www.hardened-php.net/hphp/
[3] http://www.hardened-php.net/suhosin/index.html
[4] http://overlays.gentoo.org/proj/php/

Best regards,
Stu
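
An added example, not part of the comment above and not Gentoo's own code: a small Python check that reports whether a given php.ini leaves `allow_url_fopen` enabled. It assumes a flat php.ini (section headers are ignored), `;` comments only, and PHP's built-in default of enabled when the directive is absent; the sample files and function names are constructed for illustration.

```python
import re

# PHP's built-in default when php.ini does not set the directive at all.
BUILTIN_DEFAULTS = {"allow_url_fopen": "1"}

# Directive names in php.ini are case sensitive, so no case folding here.
_ASSIGN = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*)$")


def ini_bool(raw):
    """Approximate how PHP interprets a boolean ini value."""
    value = raw.strip().strip("\"'").lower()
    if value in ("on", "yes", "true"):
        return True
    try:
        return int(value) != 0
    except ValueError:
        return False  # off, no, false, none, empty, or unparsable


def effective_setting(ini_text, directive="allow_url_fopen"):
    """Return (enabled, line_no); line_no is None when the default applies."""
    raw, line_no = BUILTIN_DEFAULTS[directive], None
    for n, line in enumerate(ini_text.splitlines(), start=1):
        line = line.split(";", 1)[0]          # drop ';' comments
        m = _ASSIGN.match(line)
        if m and m.group(1) == directive:
            raw, line_no = m.group(2), n      # the last assignment wins
    return ini_bool(raw), line_no


# Constructed sample php.ini contents (assumptions, not real system files).
SAMPLES = {
    "hardened": "[PHP]\n; remote includes off\nallow_url_fopen = Off\n",
    "commented_out": "[PHP]\n;allow_url_fopen = Off\n",
    "overridden": "allow_url_fopen = Off\nallow_url_fopen = On ; re-enabled\n",
}


def audit(samples):
    """Names of the samples in which allow_url_fopen ends up enabled."""
    return sorted(k for k, v in samples.items() if effective_setting(v)[0])


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, effective_setting(text))
```

The `commented_out` case is the one to watch for: a disabled line that is commented out leaves the built-in default in force, so the option is still on.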




Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds