[SUCS Devel] [Git][sucssite/sucs-site][sucs-site] 3 commits: stop .forward file being a symlink
Imran Hussain
imranh at sucs.org
Sat Apr 1 22:05:32 BST 2017
On 01.04.2017 19:33, Andrew Price wrote:
> - What if ~/.forward is created to be bigger than the available
> virtual memory (sparse or actual size)?
PHP is set to use at most 128M. If someone has a 129M .forward file
then all that'll happen is that PHP will crash out with an OOM exception.
> - What if ~/.forward is replaced by a symlink between the is_link()
> call and the file() call?
What an attack! I doubt it'd happen but I guess it'd be a case of
reading the file into a variable within the if and then using that
'safe' variable.
--
Imran Hussain
https://sucs.org
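
One way to handle both questions raised in this exchange (the size of ~/.forward, and the gap between the is_link() call and the file() call), as an added example that is not part of the original message or of the sucs-site code. The function name read_forward_file, the 64 KiB cap and the demo paths are assumptions, and a POSIX host is assumed so that dev/ino values are meaningful:

```php
<?php
// Added example: hypothetical helper, not sucs-site code. Assumes a POSIX host.
const FWD_S_IFMT  = 0170000; // file-type bits of st_mode
const FWD_S_IFREG = 0100000; // regular file

function read_forward_file(string $path, int $maxBytes = 65536): ?array
{
    // lstat() describes the path itself and does not follow a symlink.
    $before = @lstat($path);
    if ($before === false || ($before['mode'] & FWD_S_IFMT) !== FWD_S_IFREG) {
        return null; // missing, symlink, FIFO, device or directory
    }
    // Open once; every later check uses the handle, never the path again.
    $fh = @fopen($path, 'rb');
    if ($fh === false) {
        return null;
    }
    try {
        // fstat() describes what was actually opened. If the path was swapped
        // after lstat(), the device/inode pair no longer matches.
        $after = fstat($fh);
        if ($after === false
            || ($after['mode'] & FWD_S_IFMT) !== FWD_S_IFREG
            || $after['dev'] !== $before['dev']
            || $after['ino'] !== $before['ino']) {
            return null;
        }
        // Bounded read: ask for one byte more than the cap to detect overflow,
        // so a huge or sparse file never reaches the PHP memory limit.
        $data = stream_get_contents($fh, $maxBytes + 1);
        if ($data === false || strlen($data) > $maxBytes) {
            return null;
        }
        return preg_split('/\R/', $data, -1, PREG_SPLIT_NO_EMPTY) ?: [];
    } finally {
        fclose($fh);
    }
}

// Constructed demo: a regular file is read, a symlink to it is refused.
$dir = sys_get_temp_dir() . '/fwd_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/real", "alice@example.org\n");
symlink("$dir/real", "$dir/link");
var_dump(read_forward_file("$dir/real"));
var_dump(read_forward_file("$dir/link"));
unlink("$dir/link");
unlink("$dir/real");
rmdir($dir);
```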