RE: [PHP-DEV] FW: (SRADV00001) Arbitrary file disclosure throughPHP file upload From: Zeev Suraski (zeev <email protected>)
Date: 09/04/00

Can you please verify that the latest CVS solves this problem?
Did the original fix (Rasmus's) solve your problem? Because as far as I
can tell, it wasn't supposed to... I checked it and it appears to crash
under certain circumstances.

Zeev

At 09:42 04/09/2000, Signal 11 wrote:
> > He is a little bit confused. This has nothing to do with register_globals
> > and turning off register_globals does nothing to fix this issue. I
> > committed a patch which fixes the problem, but we will probably refine it.
>
>More than a little! I posted some more information to bugtraq so that
>people can view the bug in the database. You might want to just tag a note
>on that bug id saying a patch has been committed and will be available
>shortly... aleph usually takes about 4-8 hours to get to messages..
>
>
> > My suggestion is for people to simply check their $userfile_name variable
> > and make sure they are copying a file from their tmp directory and nowhere
> > else. And of course, your web server user id should not have access to
> > sensitive files on your system anyway.
>
>Well, I made the suggestion to check the filesize.. although your
>suggestion should have been obvious to me. Ngggh... that's what I get
>for trying to think at 2 in the morning. :\
>
>~ Signal 11
>
>
>--
>PHP Development Mailing List <http://www.php.net/>
>To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
>For additional commands, e-mail: php-dev-help <email protected>
>To contact the list administrators, e-mail: php-list-admin <email protected> 

--
Zeev Suraski   <zeev <email protected>>
http://www.zend.com/

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>