It made it into RC3 (looked ok to me)

At 19:24 28/3/2001, André Langhorst wrote:
>Does anyone see a problem with this patch?
>--
>· André Langhorst        t: +49 331 5811560 ·
>· [EMAIL PROTECTED]          m: +49 173 9558736 ·
>* PHP Quality Assurance  http://qa.php.net  *
>
>
>From: "Romolo Manfredini" <[EMAIL PROTECTED]>
>Date: Tue, 27 Mar 2001 16:15:33 +0200
>Subject: [PHP-QA] security patches against 4_0_5
>
>Does someone see problems in merging the following patches in 4_0_5?
>
>They patch two serious problems in 4_0_5
>
>copy function:
>the safe mode check checks only ownership of the source, then it calls
>php_copy_file, so if the httpd process has the OS right to open the target
>file, any user can overwrite a file writable by httpd with a file owned by
>himself.
>
>move_uploaded_file:
>similar problem, as a user can overwrite any file with the uploaded one.
>
>waiting for comments.
>
>Romolo Manfredini
>
>
>--
>PHP Quality Assurance Mailing List <http://www.php.net/>
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]
>--
>PHP Development Mailing List <http://www.php.net/>
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>To contact the list administrators, e-mail: [EMAIL PROTECTED]

--
Zeev Suraski <[EMAIL PROTECTED]>
CTO & co-founder, Zend Technologies Ltd. http://www.zend.com/
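
The copy() problem described in the quoted report, as an added example that is not part of the thread and not the PHP patch itself (the patch is not reproduced here): a check that compares only the source owner, next to one that also checks the target. The paths, uids, the ownership table and both function names are assumptions made for illustration.

```c
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Owner lookup: returns 0 and fills *uid, or -1 if the path does not exist.
   On a real filesystem this would wrap stat(2). */
typedef int (*owner_fn)(const char *path, uid_t *uid);

/* Constructed ownership table (runs without root): uid 1001 owns the script,
   uid 33 stands in for the httpd user. */
static const struct { const char *path; uid_t uid; } sample_fs[] = {
    { "/home/alice/page.php", 1001 }, { "/home/alice", 1001 },
    { "/var/www/shared/index.php", 33 }, { "/var/www/shared", 33 },
};
int sample_owner(const char *path, uid_t *uid) {
    for (size_t i = 0; i < sizeof sample_fs / sizeof sample_fs[0]; i++)
        if (strcmp(path, sample_fs[i].path) == 0) { *uid = sample_fs[i].uid; return 0; }
    return -1;
}

/* The check as reported: only the owner of the source is compared. */
int copy_allowed_source_only(owner_fn owner, uid_t script_uid, const char *src, const char *dst) {
    uid_t u;
    (void)dst; /* the target is never examined */
    return owner(src, &u) == 0 && u == script_uid;
}

/* Assumed fix: the script owner must also own the target, or its parent
   directory when the target does not exist yet. */
int copy_allowed_both(owner_fn owner, uid_t script_uid, const char *src, const char *dst) {
    uid_t u;
    char buf[4096];
    if (!copy_allowed_source_only(owner, script_uid, src, dst)) return 0;
    if (owner(dst, &u) == 0) return u == script_uid;
    if (strlen(dst) >= sizeof buf) return 0;   /* refuse paths we cannot copy */
    strcpy(buf, dst);                          /* dirname() may modify its argument */
    return owner(dirname(buf), &u) == 0 && u == script_uid;
}

int main(void) {
    const char *src = "/home/alice/page.php", *dst = "/var/www/shared/index.php";
    printf("source-only: %d, source+target: %d\n",
           copy_allowed_source_only(sample_owner, 1001, src, dst),
           copy_allowed_both(sample_owner, 1001, src, dst));
    return 0;
}
```

A path-based check like this is still separate from the later open of the target, so it does not by itself close the window between the check and the write.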

