On Thu, Dec 29, 2005 at 10:33:48PM -0500, Matt Emmerton wrote: > > Forbidding "/" will set the security to the same level as the base > > functionality. I like that. > > Agreed, although it still leaves open all the security loopholes that were > mentioned, given the proper cwd and malicious intent on the server end. What about "../../../../../../../../../../../../sbin/init" ? -- http://ache.pp.ru/Received on Fri Dec 30 2005 - 02:57:34 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:49 UTC