Re: ping22: can not kill this process

To: debian-security@lists.debian.org
Subject: Re: ping22: can not kill this process
From: Rick Moen <rick@linuxmafia.com>
Date: Sat, 5 Jan 2008 14:53:46 -0800
Message-id: <[🔎] 20080105225345.GG28885@linuxmafia.com>
In-reply-to: <[🔎] c1a7b3c90801051328j2447922asaefd8af5399136ca@mail.gmail.com>
References: <9H1Qa-EO-1@gated-at.bofh.it> <9HHFL-2DJ-7@gated-at.bofh.it> <9HK0Y-6db-1@gated-at.bofh.it> <9HOxz-4Z1-11@gated-at.bofh.it> <9HT4j-43b-35@gated-at.bofh.it> <9HTxg-4Y8-9@gated-at.bofh.it> <9HZMt-6UV-29@gated-at.bofh.it> <[🔎] lds.0801050020.61@windlord.akallabeth.de> <[🔎] slrnfnvca2.3e5.paul-usenet@siesta.cruxwan.de> <[🔎] c1a7b3c90801051328j2447922asaefd8af5399136ca@mail.gmail.com>

Quoting Luis Mondesi (lemsx1@gmail.com):

> Good one! LOL
> 
> spilling ugly db*connect() errors to the world to see is not very
> secure indeed. or how about: foo() could not open /etc/my-secret-users
> file....

Which is of course why you also want these in php.ini:

log_errors = On
error_log = syslog
display_errors = Off

-- 
Cheers,               I have /usr/sbin/coffee mounted from /dev/mug right now, 
Rick Moen             and you can't have it.  Oh no, I just tried to seek past 
rick@linuxmafia.com   end-of-beverage. *sigh*  -- Graham Reed, in The Monastery

Reply to:

References:
- Re: ping22: can not kill this process
  - From: Thomas Hochstein <ml@ancalagon.inka.de>
- Re: ping22: can not kill this process
  - From: Paul Hink <paul-usenet@hink.name>
- Re: ping22: can not kill this process
  - From: "Luis Mondesi" <lemsx1@gmail.com>

Prev by Date: Re: ping22: can not kill this process
Next by Date: Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
Previous by thread: Re: ping22: can not kill this process
Next by thread: Are the patches from the recent DSAs incorporated into the current etch kernel?
Index(es):
- Date
- Thread