[nycphp-talk] more crappy programs: security focus 230 - 232
jon baer
jonbaer at jonbaer.net
Thu Jan 22 08:31:17 EST 2004
not to mention the phpbb bug which was also listed there is pretty old + has
already been fixed - yet - was listed as *not* being supplied from the
vendor which is false ...
- jon
----- Original Message -----
From: "Hans Zaunere" <hans not junk at nyphp.com>
To: "NYPHP Talk" <talk at lists.nyphp.org>
Sent: Wednesday, January 21, 2004 9:14 PM
Subject: RE: [nycphp-talk] more crappy programs: security focus 230 - 232
> Apache mod_php Module File Descriptor Leakage Vulnerability
> http://www.securityfocus.com/bid/9302
This is unbelievable. Don't trust "bug" reports from people with email
addresses like linux4ever at yahoo.com. From the fork() man page:
The child process has its own copy of the parent's descriptors.
These descriptors reference the same underlying objects, so
that, for instance, file pointers in file objects are shared
between the child and the parent, so that an lseek(2) on a
descriptor in the child process can affect a subsequent read(2)
or write(2) by the parent. This descriptor copying is also
used by the shell to establish standard input and output for
newly created processes as well as to set up pipes.
H
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
More information about the talk
mailing list