> Quite true. However, warnings about "don't do this or that", "an > attacker may use this" and so on are numerous, but advice on what to do > about it is rarer. And this thing with system calls is a good example: > I can find many warnings about not doing it, but not a single piece of > advice about how to do it when it's actually necessary. I suspect that people who looked into doing this fall into two categories: Those who heeded the experts who told them "Don't do that" and didn't do it. Thoee who ignored the experts, went ahead and did it, and cobbled together enough band-aid security measures to be "Okay" with it, but not something they want to publish what they did, because then it would be too easy to attack them. Actually, there's probably a third category: Those who don't even really own their own machines any more because they got root-ed. :-v -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
