15dc0f67ef
Installs the barebones php4 with only the gettext, iconv and recode modules compiled in. All of the other modules have to be installed as shared modules on top of this. In addition to the Apache module, this package also includes a php command-line binary which can be used in shell scripts. The binary uses the same /var/www/conf/php.ini file as the Apache module. There is some non-i386 breakage at the moment (notably macppc). Work by wilfried@ and me. espie@ ok
17 lines
580 B
Plaintext
17 lines
580 B
Plaintext
A couple of minor changes have been made to PHP's
|
|
default installation to make it more secure.
|
|
|
|
1) Temporary files have greater randomness in their names.
|
|
|
|
2) URL fopen is OFF by default, as this functionality is
|
|
easily exploitable for many common PHP scripts out there.
|
|
Turning it off by default does not affect 99% of users,
|
|
and turns remote exploits into local ones.
|
|
|
|
The source has not otherwise been audited. If you do so,
|
|
please contact the maintainer(s) below.
|
|
|
|
--
|
|
Anil Madhavapeddy, <avsm@openbsd.org>
|
|
$OpenBSD: SECURITY,v 1.1.1.1 2002/06/24 19:23:41 avsm Exp $
|