[php-maint] Bug#719982: Bug#719982: php5: "-maxdepth 1" in "sessionclean" assumes sessions are not sorted into subdirectories

Gargaj / Conspiracy gargaj at conspiracy.hu
Sun Aug 18 21:17:24 UTC 2013


On Sun, Aug 18, 2013 at 11:03 PM, Ondřej Surý <ondrej at sury.org> wrote:
> Control: tag -1 +wontfix
> Control: severity -1 wishlist
> Gergely,
> please read the bug that Thijs already mentioned - removing maxdepth has security implications.
> If you modify the default settings you are also responsible for modifying the other ends. The session cleaning is documented in the Debian package and we simply cannot handle all possible configuration options the user might set.

As far as I read the other problem, it pertains to the fact that the
find command can be misled into following symbolic links. That can be
easily avoided by adding the -P option to the command line. It is also
entirely possible to restrict the possible damage even more by adding
"-iname sess_*" to make sure the only files that are affected are
session files.

-garg
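The following is an added example, not part of the original message and not the Debian package's sessionclean script. It builds a constructed session tree with subdirectories and symlinks, then compares what `find -P` and `find -L` select for cleanup. All paths and file names, the `-type f` and `-mmin` tests, and the 24-minute lifetime are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every path and file name below is made up for this example.

# Build a session directory with nested subdirectories, plus a directory
# outside of it that is reachable only through symlinks. Prints the temp root.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sessions/a/b" "$root/outside"
    # Stale session file in a subdirectory (never seen with -maxdepth 1).
    touch -t 201301010000 "$root/sessions/a/b/sess_old"
    # Fresh session file: must survive cleanup.
    touch "$root/sessions/a/b/sess_fresh"
    # Stale file that is not a session file: must survive cleanup.
    touch -t 201301010000 "$root/sessions/a/notes.txt"
    # Stale file outside the session tree, named like a session file.
    touch -t 201301010000 "$root/outside/sess_victim"
    # Symlinked directory and symlinked file pointing out of the tree.
    ln -s "$root/outside" "$root/sessions/a/link"
    ln -s "$root/outside/sess_victim" "$root/sessions/sess_link"
    printf '%s\n' "$root"
}

# Candidates for deletion when symlinks are NOT followed (-P).
# $1 = session directory, $2 = maximum lifetime in minutes (assumed parameter).
list_stale_sessions() {
    find -P "$1" -type f -iname 'sess_*' -mmin "+$2" -print | sort
}

# Same tests, but following symlinks (-L), shown only for contrast:
# the walk leaves the session directory through both links.
list_stale_following_links() {
    find -L "$1" -type f -iname 'sess_*' -mmin "+$2" -print | sort
}

# Usage (lists only, deletes nothing):
#   root=$(make_demo_tree)
#   list_stale_sessions "$root/sessions" 24
#   list_stale_following_links "$root/sessions" 24
#   rm -rf "$root"
```

With `-P` only `a/b/sess_old` is listed; with `-L` the list also contains `a/link/sess_victim` and `sess_link`, both of which resolve to the file outside the session directory.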


