[18657] in bugtraq
Re: PHP Security Advisory - Apache Module bugs
daemon@ATHENA.MIT.EDU (Matthew Keller)
Tue Jan 16 20:06:43 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3A6497BE.F3A46D82@potsdam.edu>
Date: Tue, 16 Jan 2001 13:49:34 -0500
Reply-To: Matthew Keller <kellermg@POTSDAM.EDU>
From: Matthew Keller <kellermg@POTSDAM.EDU>
X-To: Javi Polo <javipolo@ONINET.ES>
To: BUGTRAQ@SECURITYFOCUS.COM
Depending on your configuration, this can happen. Specifically if it is
explicitly OFF globably, explicitly OFF for one or more vhosts, and
explicitly ON for other vhosts. Most configurations won't get this
particular problem.
Javi Polo wrote:
>
> On 12/Jan/2001, Zeev Suraski wrote:
>
> > [2] PHP supports the ability to be installed, and yet disabled, by setting
> > the configuration option 'engine = off'. Due to a bug in the Apache module
> > version of PHP, if one or more virtual hosts within a single Apache server
> > were configured with engine=off, this value could 'propagate' to other
> > virtual hosts. Because setting this option to 'off' disables execution of
>
> I've been using for some months this settings (php default off, and then
> enabling it in the virtualdomains that I want) and I've had no problem at
> all ...
>
> Are there any more known circumstances when it happens ??
>
> --
> Javi Polo - javipolo@ivworlds.org - navo - DrSlump
> Proud member of the Panda Gey Community (powered by linux)
> http://javipolo.ivworlds.org/
--
Matthew Keller
WebMaster, Interim Network Manager &
Host Systems Analyst
Computing & Technology Services
Information Services Division
State University of New York at Potsdam
Website: http://mattwork.potsdam.edu/
PGP: http://mattwork.potsdam.edu/crypto/
