The following reply was made to PR ports/138698; it has been noted by GNATS.
From: Maciej Andzinski <andzi...@volt.iem.pw.edu.pl> To: Miroslav Lachman <000.f...@quip.cz> Cc: bug-follo...@freebsd.org Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability Date: Thu, 10 Sep 2009 13:58:42 +0200 (CEST) The problem is in permissions and that is what I suggest to fix. Bu you are right, I've made a mistake - the owner of /var/lib/php5 should be root, not www. I suggest changing permissions to 01733 (rwx-wx-wt), it can prevent session numbers leaking. Is it clear now? _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"