[SUCS Devel] [Git][sucssite/sucs-site][sucs-site] 3 commits: stop .forward file being a symlink

Imran Hussain imranh at sucs.org
Sat Apr 1 22:05:32 BST 2017

On 01.04.2017 19:33, Andrew Price wrote:
> - What if ~/.forward is created to be bigger than the available
> virtual memory (sparse or actual size)?

Php is set to use at most 128M. If someone has a 129M .forward file 
then all that'll happen is that php will crash out with a oom exception.

> - What if ~/.forward is replaced by a symlink between the is_link()
> call and the file() call?

What a attack! I doubt it'd happen but I guess it'd be a case of 
reading the file into a variable within the if and then using that 
'safe' variable.

Imran Hussain

More information about the Devel mailing list