BugTraq
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 12 2013 11:45PM
coderaptor (coderaptor gmail com) (2 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 12:29PM
Matthew Caron (Matt Caron redlion net)
On 08/12/2013 07:45 PM, coderaptor wrote:
> Just because you have an opinion does not make it more right than
> others. PHP sucks with 1300 functions (what programming language
> requires 1300 functions? The one that is designed poorly),

Or, one which has a very rich featureset which doesn't require folks to
reinvent the wheel every time they want to read in a bitmap.

That said, PHP sucks for other reasons, most notably the inability to
force variable predeclaration (ie perl's "use strict")*, but I wanted to
specifically address your criticism of a language having "too many
functions".

* Assuming this is still true. It was back in 2008 when I quit my web
job and went back into firmware, and I haven't been doing much with PHP
since, instead focusing on C and D on ARM and PPC, so this may have been
remedied.

> that's a
> fact. And you aren't helping it suck less. I may be clueless about how
> the apache + php glue and php work, but I am now very sure that I
> won't use PHP. And will probably stick with my OpenBSD implementation
> of chrooted apache - apache is fit to be in a jail.

I don't see why you need to demonstrate that PHP sucks to justify this
position. Compartmentalization is generally a good idea - feel free to
practice more of it, as long as you can live with the limitations of
doing so. There are also lightweight kernel-level virtualization
approaches (linux containers (lxc), Solaris containers, and BSD jails
(not to be confused with chroot jails)), which provide even better
segregation than a mere chroot.

--
Matthew Caron, Software Build Engineer
Sixnet, a Red Lion business | www.sixnet.com
+1 (518) 877-5173 x138 office

[ reply ]
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 07:55AM
Reindl Harald (h reindl thelounge net) (3 replies)
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 12:11PM
James Birk (jamesbirk gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus