* Arthur Corliss <acorliss@nevaeh-linux.org> [121012 11:30]:
> How PHP executes system calls is extraordinarily insecure, since it treats
> all calls as strings that need to be filtered through an actual shell.
> What's worse is that rather than give you a relatively safer method of
> calling, say, execvp(3), they insist you manually sanitize the strings with
> things like escapeshellcmd() and escapeshellarg(). Your backdoor might get
> more traffic than you intended.
>
> Tread carefully.
Oh sh*t. Never mind. Thanks.
--
Tim
tim at tee jay forty nine dot com or akwebsoft dot com
http://www.akwebsoft.com

Received on Fri Oct 12 11:31:42 2012
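The shell-string problem described in the quoted message, as an added example that is not part of the original thread: the same constructed value is passed to a command as an unescaped shell string, as a string quoted with escapeshellarg(), and as an argument vector that never reaches a shell. It assumes a POSIX system and PHP 7.4 or later, where proc_open() accepts an array command (a feature that postdates this 2012 message); run_argv() and $name are hypothetical names.

```php
<?php
// Added example; the input below is constructed, not taken from the thread.

/** Run a command from an argument vector (no shell); return [exit code, stdout]. */
function run_argv(array $argv): array
{
    // Array form of proc_open() (PHP >= 7.4): the program is executed
    // directly, so shell metacharacters in arguments are plain bytes.
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('proc_open failed');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), $out];
}

// Constructed value standing in for untrusted request data.
$name = 'report.txt; echo INJECTED';

// 1. Unescaped string: /bin/sh parses the ';' and runs a second command.
$unescaped = shell_exec('printf "%s\n" ' . $name);

// 2. escapeshellarg(): still parsed by a shell, but the value is quoted
//    into a single word. Safety depends on never forgetting this call.
$escaped = shell_exec('printf "%s\n" ' . escapeshellarg($name));

// 3. Argument vector: no shell is involved, so nothing needs escaping.
[$code, $direct] = run_argv(['printf', '%s\n', $name]);

echo "unescaped string:\n", $unescaped, "\n";
echo "escapeshellarg():\n", $escaped, "\n";
echo "argv (exit $code):\n", $direct;
```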