[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cd with multiple arguments?
|
From: |
Marc Herbert |
|
Subject: |
Re: cd with multiple arguments? |
|
Date: |
Mon, 20 Dec 2010 09:22:27 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Thunderbird/3.1.7 |
Le 17/12/2010 20:57, Bob Proulx a écrit :
> CGI scripts are not normally setuid but are running as the web
> server process owner
You wish...
> Instead they stem from a script running unverified user provided
> input. [...] It is a problem, and a big one, but completely different from
> having a local user attack against an setuid script and be able to
> gain the priviledge of the script owner.
I do not think it is "completely different". A setuid script has
defend itself against input from the local user.
> Using user provided input as commands is a problem no matter what
> language you use.
Some languages make it easy, others not.
- Re: cd with multiple arguments?, (continued)
- Re: cd with multiple arguments?, Bob Proulx, 2010/12/15
- Re: cd with multiple arguments?, Marc Herbert, 2010/12/16
- Re: cd with multiple arguments?, Bob Proulx, 2010/12/16
- Re: cd with multiple arguments?, Marc Herbert, 2010/12/17
- Re: cd with multiple arguments?, Greg Wooledge, 2010/12/17
- Re: cd with multiple arguments?, Illia Bobyr, 2010/12/17
- Re: cd with multiple arguments?, Bob Proulx, 2010/12/17
- Re: cd with multiple arguments?,
Marc Herbert <=