Possible widespread PHP configuration issue - security risk
Cliff Wells
cliff at develix.com
Fri Aug 27 21:05:45 MSD 2010
On Fri, 2010-08-27 at 17:45 +0100, Ed W wrote:
> On 27/08/2010 17:32, Nuno Magalhães wrote:
> >> I said to stop complaining about the content of the Wiki and feel
> >> free to fix it. You seem to have all the answers.
> >
> >> Oh fuck off you twit.
> > Gee, you're so mature.
>
> How is your post advancing the solution?
>
> How about you avoid quoting out of context parts of my message and focus
> on the rest of that message?
And destroy the theme of this thread? <Gasp>
Aside from the first post I haven't seen a single response that didn't
overreact to the previous one.
My personal opinion is that if you have PHP installed you already have
serious security concerns (every server I take live almost immediately
undergoes a hostile scan for every popular PHP package in existence).
Nevertheless, I've updated the MediaWiki entry. I'm sure there's still
8000 other security holes in MediaWiki that allow remote execution of
code, but hopefully this isn't one of them.
That being said: Ed, if you have specific information about
misconfigurations on the wiki, PLEASE update them or at least make a
note on the wiki itself that there are concerns. As has been pointed
out, it's a community-driven project. If something is wrong we need
people to fix it. Your long email would have been better served as a
wiki page that was linked to from all PHP configs that appear
vulnerable.
Now, everyone fuck off.
Regards,
Cliff
More information about the nginx
mailing list