Mailing List Archive
Re: [tlug] Clamav reports a virus: Exploit.Gif.PHPembedded
- Date: Sat, 07 Jun 2008 18:43:45 +0900
- From: "Stephen J. Turnbull" <stephen@example.com>
- Subject: Re: [tlug] Clamav reports a virus: Exploit.Gif.PHPembedded
- References: <78d7dd350806042138r226b625do6f30eb68cc80e732@mail.gmail.com> <b4d277190806042240l1b0d2cadme275cf77dccdd79a@mail.gmail.com> <78d7dd350806042336j65d47ec9n382205fe5f566e13@mail.gmail.com> <b4d277190806050054w49fffad4v1b12acb8a22ad7d0@mail.gmail.com> <78d7dd350806050128l292de4e5he926d9beb7c27024@mail.gmail.com> <b4d277190806050210m250751aav4e5436e89c9e6957@mail.gmail.com> <78d7dd350806050247y329c4b36wf7442d932723a0d5@mail.gmail.com> <87hcc7akzv.fsf@uwakimon.sk.tsukuba.ac.jp> <78d7dd350806051948n30ff70d2t5d94f32b8bf7221@mail.gmail.com> <87mylyksj1.fsf@uwakimon.sk.tsukuba.ac.jp> <484A4534.7090902@imaginatorium.org>
Brian Chandler writes:

> But I don't really see what criticism there could be here of PHP as
> such.

Excuse me? The implications of "a GIF is an executable PHP program" should be pretty obvious.

> PHP provides a function to include a file and run it through the
> php interpreter - what more or less could it do?

Insist that the file satisfy some minimal truth-in-labelling requirements, such as "my MIME type is application/PHP-program". (The fact that that actually makes little sense in PHP is not an excuse for anything except criticism of PHP's design.) Even Perl-sans-taint does that!

> AAMOF, I think that most of the publicised problems hereabouts come
> from generic applications abusing very general mechanisms.

PHP today may be a general scripting language, but it originated as and is still most popular as a web framework. General mechanisms should not be exposed at the web site building level, but in PHP you can't avoid it. Even Perl has the taint mechanism. Python does provide eval, but its use is deprecated. I'm sure Ruby, ditto.
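
Added example, not part of the original message or of ClamAV: a Python sketch of the check behind a detection like Exploit.Gif.PHPembedded. It finds the byte ranges a PHP include would treat as code inside a file that carries a GIF header. The function names and both sample byte strings are constructed for illustration.

```python
import re

GIF_MAGICS = (b"GIF87a", b"GIF89a")
# "<?php", "<?=" or the short tag "<?" + whitespace (short_open_tag setting).
PHP_OPEN = re.compile(rb"<\?(?:php\b|=|\s)", re.IGNORECASE)
PHP_CLOSE = b"?>"


def php_code_spans(data):
    """Byte ranges a PHP include would run as code; the rest is echoed as-is."""
    spans, pos = [], 0
    while True:
        m = PHP_OPEN.search(data, pos)
        if m is None:
            return spans
        end = data.find(PHP_CLOSE, m.end())
        # An unclosed open tag runs to end of file, as it does in PHP.
        end = len(data) if end == -1 else end + len(PHP_CLOSE)
        spans.append((m.start(), end))
        pos = end


def check_upload(data):
    """Verdict for a file uploaded under an image/gif label."""
    is_gif = data[:6] in GIF_MAGICS
    spans = php_code_spans(data)
    if is_gif and spans:
        return "reject: GIF header with embedded PHP"
    if spans:
        return "reject: PHP code in upload"
    return "accept" if is_gif else "reject: not a GIF"


# Constructed samples: signature, 7-byte logical screen descriptor, trailer.
HEADER = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00"
CLEAN_GIF = HEADER + b"\x3b"
# Same file with a harmless PHP snippet inside a GIF comment extension.
SNIPPET = b"<?php echo 'hi'; ?>"
POLYGLOT = HEADER + b"\x21\xfe" + bytes([len(SNIPPET)]) + SNIPPET + b"\x00\x3b"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("polyglot", POLYGLOT)):
        print(name, check_upload(blob), php_code_spans(blob))
```

The short-tag pattern can match by chance in compressed image data, so a hit is a reason to re-encode or quarantine the file, not proof of intent. The scan is a tripwire only; uploaded paths should never reach include in the first place.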