[php-maint] Bug#336645: php4: not only dependent on register_globals
Antoine Beaupre
anarcat at koumbit.net
Fri Nov 18 00:38:18 UTC 2005
Package: php4
Version: 4:4.3.10-16
Followup-For: Bug #336645
http://www.hardened-php.net/index.76.html
This page explains why the so-called 'globals overwrite' bug matters,
even regardless of the register_globals setting. To put it briefly, the
$GLOBALS array can be accessed directly by other functions that assume
a proper initialization that might have been destroyed by the overwrite.
Not sure that is clear enough, read the page above if not.
My point is: this has close to nothing to do with register_globals.
There's a serious security issue, it needs to be fixed. Any pointers on
the actual patch applied in 4.4.1?
Thanks,
A.