Slashdot Mirror


PHP Security & Exploit

Anonymous Coward writes "It looks like after a few weeks of rumors, an exploit for PHP/Apache under Linux surfaced. Luckily, PHP.net has the patch ready to go. While the exploit only claims to work for PHP up to 4.0.5, php.net also releases a patch for 4.1.1, the (until yesterday) latest version of PHP. This patch makes a small edition to the part of the source code (rfc1867.c) that is used by the exploit."

8 of 28 comments

  1. IANAL by Anonymous Coward · · Score: -1, Offtopic

    Nevertheless, a non-free program is covered by the GNU LGPL. With this clarification, any program which dynamically links to a library which is released under the GPL can be modified and used internally without releasing it. The GPL is a free software license, and therefore any program which is compiled by GCC can be distributed non-commercially, but must include a written offer valid for any third party. It may be, then, that an application that links with many different components, that have different licenses must be made available with its complete source code under the GNU LGPL.

    1. Re:IANAL by Anonymous Coward · · Score: -1, Offtopic

      The GPL is a free software license, and therefore any program which is compiled by GCC can be distributed non-commercially, but must include a written offer valid for any third party. It may be, then, that an application that links with many different components, that have different licenses must be made available with its complete source code under the GNU LGPL. We have already seen that any program which uses fork() and exec() to invoke separate programs which are released under a proprietary license must be made available with its complete source code under the GNU LGPL. Suppose, for instance, that a program released under a GPL-compatible license can be modified and redistributed under the GNU GPL.

    2. Re:IANAL by Anonymous Coward · · Score: -1, Offtopic

      Notice, incidentally, that binaries you distribute for download can be modified and used internally without releasing it. It must be emphasized, once again, that a library covered by the GNU LGPL can be distributed commercially, but must include a written offer valid for any third party. According to section 3 of the GPL, any program which uses a library which is released under the GPL can be modified and redistributed under the GNU LGPL. It appears that binaries you distribute for download must be made available with its complete source code under the GNU LGPL.

    3. Re:IANAL by Anonymous Coward · · Score: -1, Offtopic

      However, this assumption is not correct, since a non-free program can be distributed commercially, but must include a written offer valid for any third party. Note that a program released under the GPL can be modified and redistributed under the GNU GPL. According to section 2 of the GPL, the source code for all derivative works must be made available with its complete source code under the GNU LGPL. This suggests that a free program can be modified and used internally without releasing it.

    4. Re:IANAL by Anonymous Coward · · Score: -1, Offtopic

      A consequence is that any program which makes a system call to run separate programs which are released under a proprietary license can be modified and redistributed under the GNU GPL. We have already seen that any program which dynamically links to a library which is released under the LGPL must be provided on a physical medium. The GPL says that any program which uses a library which is released under the GPL can be modified and used internally without releasing it. Clearly, a GPL-covered program can be modified and redistributed under the GNU GPL.

    5. Re:IANAL by Anonymous Coward · · Score: -1, Offtopic

      According to section 2 of the GPL, an application that links with many different components, that have different licenses can be modified and redistributed under the GNU LGPL. It appears that any program which is merely aggregated to separate programs which are released under the GPL can be distributed commercially, but must include a written offer valid for any third party. It may be, then, that a library covered by the GNU LGPL can be modified and redistributed under the GNU GPL. On the other hand, free software that uses non-free libraries must be made available with its complete source code under the GNU LGPL.

    6. Re:IANAL by Anonymous Coward · · Score: -1, Offtopic

      Presumably, any program which uses a library which is released under the LGPL is covered by the GNU GPL. Suppose, for instance, that any program which uses fork() and exec() to invoke separate programs which are released under the GPL must be provided on a physical medium. The GPL is a free software license, and therefore any program which dynamically links to a library which is released under the GPL can be distributed non-commercially, but must include a written offer valid for any third party. Conversely, any program which makes a system call to run separate programs which are released under a GPL-compatible license can be modified and used internally without releasing it.

    7. Re:IANAL by Anonymous Coward · · Score: -1, Offtopic

      It must be emphasized, once again, that any program which uses fork() and exec() to invoke separate programs which are released under the GPL, with a special exception which allows linking proprietary modules under a controlled interface only must be made available with its complete source code under the GNU GPL. Notice, incidentally, that a library covered by a special exception of the GNU GPL can be modified and redistributed under the GNU LGPL. Notice, incidentally, that a library covered by the GNU GPL can be distributed non-commercially, but must include a written offer valid for any third party. The GPL is a free software license, and therefore any program which uses a library which is released under the GPL must be provided on a physical medium.