abstractus

Send private message

You must be logged in to send a private message.

Friends

No friends yet.

Activity

  • abstractus added a new discussion topic What happens if I turn off Symlinks? in the group General Discussion
    During the installation of elgg 1.7.1, I encountered an error 500 problem. My hosting provider's helpdesk advised me to remove the symlink option in the .htaccess file: # Follow symbolic linksOptions +FollowSymLinks As symlinks are not...
    • What can happen if you leave them turned on?

      Description
      Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious, local users to bypass certain security restrictions.

      The vulnerability is caused due to a race condition in the handling of symlinks and can be exploited to bypass the open_basedir protection mechanism.

      The vulnerability has been reported in PHP4 and PHP5.

      Solution
      Disable the "symlink()" function in php.ini.

    • PHP's symlink function is independent of whether Apache can follow symbolic links. Elgg does not require symbolic link support from either Apache or PHP. You'll be fine with both turned off if you choose to do that.

  • abstractus joined the group General Discussion