Re: PMASA-2005-6 when "register_globals = on"
On Tue, 15 Nov 2005, Steve Kemp wrote:
> On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
> > http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports
> > that sarge's phpmyadmin package has a security flaw which is occured only if
> > "register_globals = on" setting is used.
> >
> > This feature is disabled in Debian package by default so I doubt if this is
> > serious problem. I'd like to ask if I should prepare the new package for
> > sarge or not?
>
> I think an upload would be justified.
Agreed. I know from real life that many servers are *forced* to run with
register_globals = on, due to reasons I'd rather not comment upon.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: