summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/source/config.rst2
-rw-r--r--doc/source/features.rst6
2 files changed, 6 insertions, 2 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst
index 2053c2f..a84bb60 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -152,7 +152,7 @@ least astonishment
152<https://en.wikipedia.org/wiki/Principle_of_least_astonishment>`__. But since 152<https://en.wikipedia.org/wiki/Principle_of_least_astonishment>`__. But since
153it's `possible to modify php's logging system via php 153it's `possible to modify php's logging system via php
154<https://www.php.net/manual/en/errorfunc.configuration.php>`__, it's 154<https://www.php.net/manual/en/errorfunc.configuration.php>`__, it's
155heavily recommended to use the ``syslog`` option instead. The ``file:` option 155heavily recommended to use the ``syslog`` option instead. The ``file:`` option
156might be useful if you're using Snuffleupagus to fuzz or audit a codebase. 156might be useful if you're using Snuffleupagus to fuzz or audit a codebase.
157 157
158log_max_len 158log_max_len
diff --git a/doc/source/features.rst b/doc/source/features.rst
index adb8779..517bbec 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -309,7 +309,11 @@ of dangerous functions, dropping them everywhere else:
309 :language: php 309 :language: php
310 310
311 311
312The intent is to make post-exploitation process (such as backdooring of legitimate code, or RAT usage) a lot harder for the attacker. 312The intent is to make post-exploitation process (such as backdooring of
313legitimate code, or RAT usage) a lot harder for the attacker.
314
315Note that an attacker able to run arbitrary PHP code can likely bypass some virtual-patching
316by (ab)using some PHP features.
313 317
314 318
315.. _global-strict-feature: 319.. _global-strict-feature: