Subscribe to the RSS Feed

 

Onedot.nl Services

Now including a free temporary website!

Security Enhancements: sshfs, files, php.

Several security enhancements have been made, along with a fix.

• sftp-server has been removed from the OpenSSH configuration (Thanks to K-4U).
  • Cause: Used by SSHFS and included by default in applications like Nautilus.
  • Effect: Can generate lots of unwanted traffic.
  • Impact: SSH can only be used with an SSH-client.
• Several file access rules have been modified.
  • Impact: None.
• safe_mode has been switched on in PHP for security reasons (Thanks to K-4U).
  • Cause: Access to certain files could be gained through PHP/Apache.
  • Effect: Possible compromise.
  • Impact: Bad coded websites may no longer work. Check yours!
• PHP’s mail has been fixed (Thanks to K-4U).
  • Cause: users and their PHP applications were unable to send out mail using mail(), ssmtp update required mailer to be in the ssmtp group.
  • Effect: General PHP mail() not working, forum registering not possible, etc.
  • Impact: Mail should be working flawlessly again!

---

← Nog even..

Style

• Red, Amber, Green

© Copyright 2007 · A Massive Blue Template

Powered by Textpattern