Hi,
I know that this is maybe a little bit off-topic, but I assume that most
people on this list are used to compile PHP just for testing purposes.
I am currently planning to write a paper about the memory_limit security
bug that was announced last month. Actually the paper will explain in
detail what the bug is and how it can be exploited to execute arbitrary
code.
The paper itself will be written because a few people requested it, a
lot of media reported it as a buffer overflow (which is completely
wrong) and just because I need some training in writing papers for
university.
So if anyone here would like to support me writing this paper just grab
a copy of http://security.e-matters.de/mlxdebug.tgz
This package has some special patches in it (for PHP 4.3.2-4.3.7) that
write debug output for every emalloc/efree/erealloc and
php_register_variable_ex call into a file within /tmp.
The package includes a description how the test works. It basicly
consists of compiling PHP on your normal platform: f.e. OpenBSD Apache2
CGI. You should just add --enable-memory-limit to your standard
configure line and turn register_globals on. The rest is all explained
in the package.
Stefan Esser
PS: those debug files would help me a lot to proof that a few things are
easier than one thinks.
Hello Stefan,
basically you want to explain everybody how to use those millions
of unpatched servers.
marcus
Sunday, August 1, 2004, 2:33:04 PM, you wrote:
Hi,
I know that this is maybe a little bit off-topic, but I assume that most
people on this list are used to compile PHP just for testing purposes.
I am currently planning to write a paper about the memory_limit security
bug that was announced last month. Actually the paper will explain in
detail what the bug is and how it can be exploited to execute arbitrary
code.
The paper itself will be written because a few people requested it, a
lot of media reported it as a buffer overflow (which is completely
wrong) and just because I need some training in writing papers for
university.
So if anyone here would like to support me writing this paper just grab
a copy of http://security.e-matters.de/mlxdebug.tgz
This package has some special patches in it (for PHP 4.3.2-4.3.7) that
write debug output for every emalloc/efree/erealloc and
php_register_variable_ex call into a file within /tmp.
The package includes a description how the test works. It basicly
consists of compiling PHP on your normal platform: f.e. OpenBSD Apache2
CGI. You should just add --enable-memory-limit to your standard
configure line and turn register_globals on. The rest is all explained
in the package.
Stefan Esser
PS: those debug files would help me a lot to proof that a few things are
easier than one thinks.
--
Best regards,
Marcus mailto:helly@php.net
Hi,
The package includes a description how the test works. It basicly
consists of compiling PHP on your normal platform: f.e. OpenBSD
Apache2 CGI. You should just add --enable-memory-limit to your
standard configure line and turn register_globals on. The rest is all
explained in the package.
Is there any chance enabling mbstring will affect the results of the
tests?
As far as I experimented in the past, it will unlikely do.
Moriyoshi
What a stupid question I asked here... Nevermind.
Moriyoshi
Hi,
The package includes a description how the test works. It basicly
consists of compiling PHP on your normal platform: f.e. OpenBSD
Apache2 CGI. You should just add --enable-memory-limit to your
standard configure line and turn register_globals on. The rest is all
explained in the package.Is there any chance enabling mbstring will affect the results of the
tests?
As far as I experimented in the past, it will unlikely do.Moriyoshi