Bugtraq mailing list archives
Re: PHP Security Advisory - Apache Module bugs
From: Matthew Keller <kellermg () POTSDAM EDU>
Date: Tue, 16 Jan 2001 13:49:34 -0500
Depending on your configuration, this can happen. Specifically if it is explicitly OFF globably, explicitly OFF for one or more vhosts, and explicitly ON for other vhosts. Most configurations won't get this particular problem. Javi Polo wrote:
On 12/Jan/2001, Zeev Suraski wrote:[2] PHP supports the ability to be installed, and yet disabled, by setting the configuration option 'engine = off'. Due to a bug in the Apache module version of PHP, if one or more virtual hosts within a single Apache server were configured with engine=off, this value could 'propagate' to other virtual hosts. Because setting this option to 'off' disables execution ofI've been using for some months this settings (php default off, and then enabling it in the virtualdomains that I want) and I've had no problem at all ... Are there any more known circumstances when it happens ?? -- Javi Polo - javipolo () ivworlds org - navo - DrSlump Proud member of the Panda Gey Community (powered by linux) http://javipolo.ivworlds.org/
-- Matthew Keller WebMaster, Interim Network Manager & Host Systems Analyst Computing & Technology Services Information Services Division State University of New York at Potsdam Website: http://mattwork.potsdam.edu/ PGP: http://mattwork.potsdam.edu/crypto/
Current thread:
- Re: PHP Security Advisory - Apache Module bugs Javi Polo (Jan 16)
- Re: PHP Security Advisory - Apache Module bugs Matthew Keller (Jan 16)
- Re: PHP Security Advisory - Apache Module bugs James Moore (Jan 16)