Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:311 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 67206 invoked from network); 26 Mar 2003 17:38:32 -0000 Received: from unknown (HELO mail.bauer-kirch.de) (80.237.234.121) by pb1.pair.com with SMTP; 26 Mar 2003 17:38:32 -0000 Received: (qmail 29640 invoked from network); 26 Mar 2003 13:39:53 -0000 Received: from somewhere (IP somewhere) by mail.bauer-kirch.de with SMTP; 26 Mar 2003 13:39:53 -0000 To: Antony Dovgal Cc: internals@lists.php.net In-Reply-To: <20030326113944.5c6ce93b.tony2001@phpclub.net> References: <20030326112602.4479ad59.tony2001@phpclub.net> <20030326113944.5c6ce93b.tony2001@phpclub.net> Content-Type: text/plain Content-Transfer-Encoding: 7bit Organization: Message-ID: <1048685915.4577.9.camel@trior.martinjansen.com> Mime-Version: 1.0 Date: 26 Mar 2003 14:38:36 +0100 Subject: Re: [PHP-DEV] socket_iovec_alloc segfault && security advisory From: mj@php.net (Martin Jansen) On Wed, 2003-03-26 at 10:39, Antony Dovgal wrote: > On Wed, 26 Mar 2003 01:30:11 -0800 (Pacific Standard Time) > Rasmus Lerdorf wrote: > > > I don't see how it is in any way exploitable. > That's what I wanted to say indeed. > > IMHO it will be much better to move this extension to PECL and to > avoid such articles, having bad influence on PHP's image. So you are proposing to move sockets to PECL, because the extension will not attract that much interest there and thus the possible security issues will not be revealed so fast? I agree with that up to a certain point, but technically this isn't a great solution: The issues should be fixed *before* moving it to PECL. Otherwise PECL will soon be a hazardous waste site for all sorts of PHP extensions that have more or less severe security problems ;-). - Martin