[PHP-DEV] Bug #7822 Updated: system crash
ID: 7822 Updated by: zeev Reported By: [EMAIL PROTECTED] Old-Status: Critical Status: Closed Bug Type: Apache related Operating system: PHP Version: 4.0.4 Assigned To: Comments: Fixed in the CVS. Thanks for the report! Previous Comments: --- [2001-05-09 11:22:56] [EMAIL PROTECTED] System security bugs are quite critical. This has to be addressed before 4.0.6 --Jani --- [2001-05-07 12:52:28] [EMAIL PROTECTED] I guess the point is to prevent malicious users from crashing the server. --- [2001-05-07 12:35:23] [EMAIL PROTECTED] I don't see the point in accessing http://localhost/php/php.exe. So, why do you want to do that? --- [2001-05-04 03:41:23] [EMAIL PROTECTED] Now I use Apache/1.3.19 with PHP/4.0.5 for Windows 98 this problem still exists. Default setting will make system crash in Windows 98 if accessing something like http://localhost/php/php.exe I guess PHP at least should announce this problem (and I've made two of my friends crashed, sorry if they see this.). --- [2001-01-12 12:27:08] [EMAIL PROTECTED] cynic: This is a Great Idea! --- The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online. ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=7822edit=2 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #7822 Updated: system crash
ID: 7822 Updated by: sniper Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Critical Bug Type: Apache related Operating system: PHP Version: 4.0.4 Assigned To: Comments: System security bugs are quite critical. This has to be addressed before 4.0.6 --Jani Previous Comments: --- [2001-05-07 12:52:28] [EMAIL PROTECTED] I guess the point is to prevent malicious users from crashing the server. --- [2001-05-07 12:35:23] [EMAIL PROTECTED] I don't see the point in accessing http://localhost/php/php.exe. So, why do you want to do that? --- [2001-05-04 03:41:23] [EMAIL PROTECTED] Now I use Apache/1.3.19 with PHP/4.0.5 for Windows 98 this problem still exists. Default setting will make system crash in Windows 98 if accessing something like http://localhost/php/php.exe I guess PHP at least should announce this problem (and I've made two of my friends crashed, sorry if they see this.). --- [2001-01-12 12:27:08] [EMAIL PROTECTED] cynic: This is a Great Idea! --- [2001-01-12 10:26:41] [EMAIL PROTECTED] indeed. a temporary workaround, if I may: LocationMatch /php/php(.exe)? deny from all /LocationMatch This at least denies direct access to the executable, and thus gets you rid of the crashes. --- The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online. ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=7822edit=2 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #7822 Updated: system crash
ID: 7822 Updated by: sbergmann Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Feedback Bug Type: Apache related Operating system: PHP Version: 4.0.4 Assigned To: Comments: I don't see the point in accessing http://localhost/php/php.exe. So, why do you want to do that? Previous Comments: --- [2001-05-04 03:41:23] [EMAIL PROTECTED] Now I use Apache/1.3.19 with PHP/4.0.5 for Windows 98 this problem still exists. Default setting will make system crash in Windows 98 if accessing something like http://localhost/php/php.exe I guess PHP at least should announce this problem (and I've made two of my friends crashed, sorry if they see this.). --- [2001-01-12 12:27:08] [EMAIL PROTECTED] cynic: This is a Great Idea! --- [2001-01-12 10:26:41] [EMAIL PROTECTED] indeed. a temporary workaround, if I may: LocationMatch /php/php(.exe)? deny from all /LocationMatch This at least denies direct access to the executable, and thus gets you rid of the crashes. --- [2001-01-08 02:32:47] [EMAIL PROTECTED] In 4.0.4, This bug still exists. (Win32, php.ini) Conditions for this bug: safe_mode=Off doc_root=; the root of the php pages, used only if nonempty (doc_root is empty) In such configured PHP, system will crash if I type the URL: http://localhost/php/php.exe (Note: no / at the end of the URL) I may consult the source code if I have time later. --- [2001-01-06 02:29:03] [EMAIL PROTECTED] does this problem exist in PHP 4.0.4 --- The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online. ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=7822edit=2 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #7822 Updated: system crash
ID: 7822 Updated by: cynic Reported By: [EMAIL PROTECTED] Old-Status: Feedback Status: Open Bug Type: Apache related Operating system: PHP Version: 4.0.4 Assigned To: Comments: I guess the point is to prevent malicious users from crashing the server. Previous Comments: --- [2001-05-07 12:35:23] [EMAIL PROTECTED] I don't see the point in accessing http://localhost/php/php.exe. So, why do you want to do that? --- [2001-05-04 03:41:23] [EMAIL PROTECTED] Now I use Apache/1.3.19 with PHP/4.0.5 for Windows 98 this problem still exists. Default setting will make system crash in Windows 98 if accessing something like http://localhost/php/php.exe I guess PHP at least should announce this problem (and I've made two of my friends crashed, sorry if they see this.). --- [2001-01-12 12:27:08] [EMAIL PROTECTED] cynic: This is a Great Idea! --- [2001-01-12 10:26:41] [EMAIL PROTECTED] indeed. a temporary workaround, if I may: LocationMatch /php/php(.exe)? deny from all /LocationMatch This at least denies direct access to the executable, and thus gets you rid of the crashes. --- [2001-01-08 02:32:47] [EMAIL PROTECTED] In 4.0.4, This bug still exists. (Win32, php.ini) Conditions for this bug: safe_mode=Off doc_root=; the root of the php pages, used only if nonempty (doc_root is empty) In such configured PHP, system will crash if I type the URL: http://localhost/php/php.exe (Note: no / at the end of the URL) I may consult the source code if I have time later. --- The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online. ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=7822edit=2 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Bug #7822 Updated: system crash
[EMAIL PROTECTED] wrote: I guess the point is to prevent malicious users from crashing the server. Ouch :-( -- sebastian bergmann[EMAIL PROTECTED] http://www.sebastian-bergmann.de bonn.phpug.de | www.php.net | www.phpOpenTracker.de | www.titanchat.de -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]