HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: goba <email protected>
Date: 01/07/02

• Next message: Hartmut Holzgraefe: "[PHP-DOC] cvs: phpdoc / Makefile.in"
• Previous message: Gabor Hojtsy: "[PHP-DOC] cvs: phpdoc /en/chapters install.xml"
• Next in thread: sander <email protected>: "[PHP-DOC] Bug #14909 Updated: Allows access to ANY file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ID: 14909
Updated by: goba
Reported By: leighgardiner <email protected>
Status: Open
Bug Type: Documentation problem
Operating System: Windows
PHP Version: 4.1.1
Assigned To: imajes <email protected>
New Comment:

Georg, our security section has a link to that CERT
advisory for quite a long time now. I have added a
warning and a link to the particular security page
to that setup instruction page for Apache windows.

Please give better instructions for CGI setups
under windows if you can. A setup, where PHP
sritps are portable, so no #!c:\php\php.exe type
of method is doable...

Maybe James can find another way. The Apache doc
only documents the methods we have in the install
and security chapters...

---
Goba
Previous Comments:
------------------------------------------------------------------------
[2002-01-07 09:46:58] imajes <email protected>
Actually, our documentation tells win32 users to install that way. I'm
investigating a better method right now, and will patch the
documentation in a short while.
I knew i forgot to do something after i updated my win32 last week!
------------------------------------------------------------------------
[2002-01-07 09:41:20] georg <email protected>
Unbelievable, why do you set your cgi-binary in the document root
tree!?
See http://www.cert.org/advisories/CA-1996-11.html
------------------------------------------------------------------------
[2002-01-07 09:34:04] leighgardiner <email protected>
Well you should have already heard about this but I'll report it anyway
becoz we all need a fix very fast! Well when you do this:
http://www.example.com/php/php.exe?c:\winnt\repair\sam   (this is an
example, you can view any file) it will return the files contents! This
happens with ANY windows versions...i don't think it affects linux. Also
this will return the install path of PHP:
http://www.example.com/php/php4ts.dll
could you please get a path/new vesion out ASAP! This is extremly
serious!
------------------------------------------------------------------------
Edit this bug report at http://bugs.php.net/?id=14909&edit=1

• Next message: Hartmut Holzgraefe: "[PHP-DOC] cvs: phpdoc / Makefile.in"
• Previous message: Gabor Hojtsy: "[PHP-DOC] cvs: phpdoc /en/chapters install.xml"
• Next in thread: sander <email protected>: "[PHP-DOC] Bug #14909 Updated: Allows access to ANY file"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]