09-23-2009, 03:56 AM
|
|
Member
|
|
Join Date: Jan 2009
Posts: 40
|
|
Quote:
Originally Posted by IrPr
Well, I'm familar with linux system symlink and i disabled that globally using LSWS security features to improve shared hosts security
Here is php 5 changelog: http://www.php.net/ChangeLog-5.php
i didn't find any bugs related to symlink or open_basedir in 5.2 or 5.3 releases!
There is one open_basedir phrase in 5.3.0 change log, but its not related to Security issue!
security fixes are in top order of bug fixes
It seems no any security fix in 5.3.0 release, but 5.2.11 have some security fixes which none is releated to open_basedir or safemode bypass
Let me know if im wrong! |
i'm confused , maybe i'm wrong maybe you !
but i think maybe this bug was in 5.2.9 or 5.2.10 ! it's better you see this urls
Code:
http://securityreason.com/achievement_securityalert/61
http://securityreason.com/securityalert/6166
http://seclists.org/fulldisclosure/2009/Aug/0065.html
http://bugs.php.net/bug.php?id=49026
at last, take a look in Topic Date , it's for when 5.3.0 wasn't add to LSWS , and it was a warning , just a warning . and now i cant find 5.2.11 in LSWS coz 5.3.0 have many changes and i cant use it coz many of script didn't match to php 5.3.0 yet .
please add 5.2.11 to LSWS OR tell ma way to compile PHP 5.2.11 ( or other version wasn't in LSWS ) manualy
Best Regards
|
Threaded Mode