Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:10852 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 97390 invoked by uid 1010); 1 Jul 2004 05:17:29 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 97334 invoked from network); 1 Jul 2004 05:17:29 -0000 Received: from unknown (HELO mproxy.gmail.com) (216.239.56.249) by pb1.pair.com with SMTP; 1 Jul 2004 05:17:29 -0000 Received: by mproxy.gmail.com with SMTP id w29so2708696cwb for ; Wed, 30 Jun 2004 22:17:29 -0700 (PDT) Received: by 10.11.99.30 with SMTP id w30mr24256cwb; Wed, 30 Jun 2004 22:17:07 -0700 (PDT) Message-ID: <4e89b4260406302217211abef9@mail.gmail.com> Date: Thu, 1 Jul 2004 06:17:07 +0100 To: l0t3k Cc: internals@lists.php.net In-Reply-To: <20040630174555.77752.qmail@pb1.pair.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <20040630190623.F0AE.PHP@ter.dk> <20040630174555.77752.qmail@pb1.pair.com> Subject: Re: [PHP-DEV] Re: A couple of potential security issues with sessions and glob() in safe_mode From: kingwez@gmail.com (Wez Furlong) Even better, if you do discover something that might be exploitable, you should keep your mouth shut and instead send mail to security@php.net where, among a handful of others, Stefan will also read your message. --Wez. On Wed, 30 Jun 2004 13:45:50 -0400, l0t3k wrote: > > Peter, > although he hangs out here from time to time, you may want to forward > this to Stefan Esser of HardenedPHP > > http://www.hardened-php.net/ > > l0t3k