Bug #13268 static path in php and mm
Submitted: 2001-09-12 13:57 UTC
Modified: 2002-01-10 02:01 UTC
From: tomryan at camlaw dot rutgers dot edu
Assigned: yohgaki
Status: Closed
Package: Session related
PHP Version: 4.0CVS-2001-09-12
OS: linux
Private report: No
CVE-ID: None
 [2001-09-12 13:57 UTC] tomryan at camlaw dot rutgers dot edu
PHP (from 4.0.6 and the latest CVS code) has PS_MM_PATH
statically defined in ext/session/mod_mm.c.

This, coupled with hardcoding of only an extension in
libmm.so, allows for a very easy DoS on systems that use
session management for at least CGI and external binary
placements for PHP, and quite possibly module installation.

Is it reproducible? Sure: touch /tmp/session_mm.sem (if
using PHP and mm)


 [2001-12-19 22:37 UTC] yohgaki@php.net
Will this be changed?
Does anyone want me to fix it by adding an additional ini entry?
 [2002-01-06 22:14 UTC] yohgaki@php.net
Assign to myself
 [2002-01-10 02:01 UTC] yohgaki@php.net
Fixed in CVS
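
The report's failure mode is a fixed file name in world-writable /tmp that any local user can create first. As an added example (not code from PHP, libmm, or the CVS fix; `open_lock_file`, `try_scenario` and the temp directory name are assumptions), this C code opens a lock file without trusting whatever already sits at the path. The refusal of a file owned by another user, which is the case in the report, needs a second account to exercise, so the constructed scenarios cover the world-writable and symlink variants.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added illustration, not PHP or libmm code. Returns an fd, or -1 when the path
 * is a symlink, not a regular file, not ours, or group/other-writable. */
int open_lock_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0 || errno != EEXIST)
        return fd;                    /* we created it, or a hard error */
    fd = open(path, O_RDWR | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;            /* ELOOP: the path is a planted symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);                    /* pre-existing and not safely ours */
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenarios in a private temp dir: 0 fresh path, 1 pre-created
 * world-writable file, 2 planted symlink, 3 our own stale 0600 file.
 * Returns 1 if the lock file was opened, 0 if it was refused. */
int try_scenario(int kind)
{
    char dir[] = "/tmp/lockdemo.XXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/session_mm.sem", dir);
    if (kind == 1 || kind == 3) {
        int f = open(path, O_CREAT | O_WRONLY, 0600);
        if (kind == 1) fchmod(f, 0666);
        close(f);
    }
    if (kind == 2 && symlink("/nonexistent", path) != 0) { rmdir(dir); return -1; }
    int fd = open_lock_file(path);
    if (fd >= 0) close(fd);
    unlink(path); rmdir(dir);
    return fd >= 0;
}

int main(void)
{
    for (int k = 0; k < 4; k++)
        printf("scenario %d: %s\n", k, try_scenario(k) ? "opened" : "refused");
    return 0;
}
```

A refusal here still leaves the service without its lock file, so the check only turns a silent failure into an explicit one; the DoS itself goes away when the path is configurable and points into a directory only the server account can write.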
 
Last updated: Wed May 07 17:01:30 2025 UTC