770af9ab9d
Not much response to my post to ports@ asking for testing, so there will probably be some breakage in the more obscure flavors and non-x86 arches.
17 lines
576 B
Plaintext
A couple of minor changes have been made to PHP's
default installation to make it more secure.

1) Temporary files have greater randomness in their names.

2) URL fopen is OFF by default, as this functionality is
easily exploitable for many common PHP scripts out there.
Turning it off by default does not affect 99% of users,
and turns remote exploits into local ones.

The source has not otherwise been audited. If you do so,
please contact the maintainer(s) below.

--
Anil Madhavapeddy, <avsm@openbsd.org>
$OpenBSD: SECURITY,v 1.1 2001/12/18 01:40:48 avsm Exp $
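
Added example, not part of the original SECURITY file or the OpenBSD port: item 2 in practice, showing the script pattern that hands request input to a file function next to a form that resolves the input against a fixed allowlist and so behaves the same whichever way URL fopen is set. The directive name allow_url_fopen is assumed to be the setting the note calls "URL fopen"; the page names, paths and function names are hypothetical.

```php
<?php
// Added example; not code from the OpenBSD port. All names are hypothetical.

// Pattern the note is concerned with: the file to open comes straight from
// the request. When URL fopen is enabled, PHP's file functions also accept
// URLs, so the "file" does not have to be local.
//
//     readfile($_GET['page']);

// Hardened form: the request only selects a key; the path comes from a
// fixed table of local files, so no request string ever reaches fopen().
const PAGES = [
    'home'    => 'home.html',
    'contact' => 'contact.html',
];

function resolve_page(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, PAGES)) {
        return null; // unknown names, URLs and traversal strings end here
    }
    return rtrim($baseDir, '/') . '/' . PAGES[$requested];
}

// Report the effective setting so a deployment check can flag "On".
function url_fopen_enabled(): bool
{
    return filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN);
}

// Constructed sample inputs, not taken from any real request log.
$samples = ['home', 'http://example.invalid/x.html', '../../etc/passwd'];
foreach ($samples as $input) {
    $path = resolve_page($input, '/var/www/pages');
    printf("%-32s => %s\n", $input, $path ?? 'rejected');
}
printf("allow_url_fopen is %s\n", url_fopen_enabled() ? 'On' : 'Off');
```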