Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:I'm not a company (Score 1) 208

This is a person who according to Ken Clarke, didn't really want to leave the EU any more than Boris did... basically, these type of people say one thing in order that the party will like them, they can get power, but then do something completely different.

The *only* reason website ratings and "think of the children" narratives are being mentioned now is simply to appeal to the people who may select her. And that's all.

It's entirely self-serving.

Comment Re:Less money but more creators? (Score 2) 288

The thing that struck me about their point that YouTube enabled people to carry virtually every song ever in their pocket... well I was just thinking, yep, that's fucking amazing. So, what exactly is it that these artists have done that's so worth hindering human advancement?

I think you're absolutely right, and I also agree with Gr8Apes comment about the relatively recent music industry basically being a blip.

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

They inject code right into the script that already has the execute bit set. It's not uncommon, I've seen it myself.

Looking at this specific example, WP Mobile Detector flaw, I can't see how that would be possible.

Just to recap (mostly for my own benefit to make sure I'm not going mad!), this flaw works by sending a URL to a vulnerable website. The vulnerable website then uses file_get_contents() to read the file... it is assuming the file is local, but actually it's a URL to somewhere else. If the server is configured with allow_url_fopen then file_get_contents() will perform the necessary HTTP GET to retrieve the contents of that file. The file still needs to be written to disk, which in this case is performed by file_put_contents().

None of the above is going to set the execute bit.

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

This doesn't help anything because the script they inject the code into already has the execute bit set.

Erm... no!

They're not uploading the script using SFTP or anything that might preserve file permissions; they're uploading using an existing, insecure, PHP script on the server. That will only allow for the file content and the file name to be preserved, so unless the PHP script explicitly set the file as executable, then it wouldn't be executable. The problem is, right now, it doesn't need to be executable in order to execute!

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

I don't think it would be a problem having PHP set it's own execute bit if it wants/needs to. A big problem seems to be with CMS-type sites where a user can upload content where (currently) miscreants can inject script. If the execute bit were required before script could be executed, then that would seem to avoid quite a lot of problems... unless a CMS were to set execute on user uploaded content, which would be dumb!

Comment Re:Why are they upgrading?!? (Score 1) 100

You mean Snow Leopard 10.6.8 v1.1. This can be crashed (as I did covered) by a Wifi AP providing IPv6.

Solution is to disable IPv6 in OS X, which is simple enough albeit you need to disable or move out of range of the AP to do so.

What actually happens is, the machine boots fine, you might be able to start an app or two, but then it'll beach-ball, and nothing will work thereafter; it's not actually frozen, but all disk activity stops and you can't even shutdown.

Details here.

Slashdot Top Deals

Anything free is worth what you pay for it.

Working...