 |
 |
 |
 |
|
|
Date: 01/08/00
- Next message: Holger Zimmermann: "Re: [PHP-DEV] php_xml.dll"
- Previous message: vvs_php <email protected>: "[PHP-DEV] Voulnerability in 3.*-4.*"
- In reply to: vvs_php <email protected>: "[PHP-DEV] Voulnerability in 3.*-4.*"
- Next in thread: rasmus <email protected>: "Re: [PHP-DEV] Voulnerability in 3.*-4.*"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 8 Jan 2000 vvs_php <email protected> wrote:
> There is a problem with security in the file safe_mode.c (affects on
> functions, that use _php3_checkuid: unlink, rmdir....).
> So, the explanation. (UNIX, Apache, php3....)
> I do not know, what is the idea of *s='\0'; before stat(yes, it puts the
> end of the string to the beginning of the string) (who can explain
> this?), so, everything works more or less fine without it.
So, this string (*s='\0';) is correct, when mode > 2, so, maybe,
if (s) {
if(mode > 2) *s='\0';
OK?
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
- Next message: Holger Zimmermann: "Re: [PHP-DEV] php_xml.dll"
- Previous message: vvs_php <email protected>: "[PHP-DEV] Voulnerability in 3.*-4.*"
- In reply to: vvs_php <email protected>: "[PHP-DEV] Voulnerability in 3.*-4.*"
- Next in thread: rasmus <email protected>: "Re: [PHP-DEV] Voulnerability in 3.*-4.*"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]