Difference between revisions of "Vuln php leak"

From Atomicorp Wiki

Latest revision as of 18:48, 10 February 2012

PHP function posix_setuid() sets the UID of the current process

The PHP function leak() is used to force PHP to "leak" a specified amount of memory, causing the PHP application's memory use to grow and grow. This function is used to help debug PHP's memory manager and is not necessary for the normal functioning of PHP. In short, it is quite useless for most developers. Leaving it available could potentially lead to crashes on the system, such as crashing the web server or even the server itself.

Next Steps

If this risk is unacceptable for your system, then you will want to disable this capability in PHP.

Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen.

Step 2: Scroll down to PHP_CHECKS and make sure this is set to "yes". By default ASL will only warn about PHP vulnerabilities. If you set this to "yes", it will also fix these vulnerabilities. If this is set to "no", the next step will not work, so set this to "yes".

Step 3: Scroll down to ALLOW_leak and set this to "no".

Step 4: Click the "update" button.

This will resolve this vulnerability.
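
To confirm the result after the steps above, one check is to look for leak in PHP's disable_functions directive. The script below is an added example, not part of ASL or the original page; it assumes the function is blocked through disable_functions in php.ini (the page does not say how ASL applies ALLOW_leak), and the name php_func_disabled and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a PHP function is listed in disable_functions.
# Assumption: the function is blocked via the php.ini disable_functions directive.
# Usage: php_func_disabled <function> <path-to-php.ini>
# Returns 0 if listed, 1 if not listed, 2 if the file cannot be read.
php_func_disabled() {
    func=$1
    ini=$2
    [ -r "$ini" ] || return 2
    # Lines starting with ';' are comments and do not match. If the directive
    # appears more than once, the last assignment in the file is used.
    value=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$ini" | tail -n 1)
    # Drop any trailing ';' comment, then quotes and whitespace.
    value=$(printf '%s' "$value" | sed 's/;.*$//' | tr -d "\"' \t\r")
    old_ifs=$IFS
    IFS=,
    # Compare whole entries so that "memleak" does not count as "leak".
    for entry in $value; do
        if [ "$entry" = "$func" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample php.ini (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
; disable_functions = leak
disable_functions = "exec, leak , posix_setuid" ; hardened
EOF
if php_func_disabled leak "$sample"; then
    echo "leak() is listed in disable_functions"
else
    echo "leak() is NOT listed in disable_functions"
fi
rm -f "$sample"
```

Run the function against the php.ini that the web server's PHP actually loads, since the command-line PHP may read a different file.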
