Re: fetch extension - use local filename from content-disposition header

From: John-Mark Gurney <gurney_j_at_resnet.uoregon.edu>
Date: Thu, 29 Dec 2005 20:28:08 -0800
Andrey A. Chernov wrote this message on Fri, Dec 30, 2005 at 06:57 +0300:
> On Thu, Dec 29, 2005 at 10:33:48PM -0500, Matt Emmerton wrote:
> > > Forbidding "/" will set the security to the same level as the base
> > > functionality.  I like that.
> > 
> > Agreed, although it still leaves open all the security loopholes that were
> > mentioned, given the proper cwd and malicious intent on the server end.
> 
> What about "../../../../../../../../../../../../sbin/init" ?

last I checked there was a / or two in that filename... :)  and hence
invalid...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
Received on Fri Dec 30 2005 - 03:28:34 UTC
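
The rule discussed in this thread (refuse any server-supplied name containing "/"), written out as an added C example; it is not code from fetch(1) or from any poster. The function names, the "."/".." and control-character checks, and the O_EXCL open are assumptions that go beyond the thread, included to cover the cwd concern raised in the quoted text.

```c
/* Added example, not fetch(1) source. Function names are hypothetical. */
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if a server-supplied name is usable as a local filename. */
int
safe_local_name(const char *name)
{
	const unsigned char *p;

	if (name == NULL || name[0] == '\0')
		return (0);
	/* "." and ".." contain no '/', but never name a regular file. */
	if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
		return (0);
	for (p = (const unsigned char *)name; *p != '\0'; p++) {
		/* Any '/' makes this a path: rejects "../" chains and
		 * absolute paths alike. */
		if (*p == '/')
			return (0);
		/* Assumption beyond the thread: refuse control characters. */
		if (*p < 0x20 || *p == 0x7f)
			return (0);
	}
	return (1);
}

/*
 * Create the output file in the current directory. With O_CREAT, O_EXCL
 * refuses to overwrite an existing file (for example ".profile" when the
 * cwd is $HOME) and fails if the name is a symbolic link.
 * Returns a descriptor, or -1 on rejection or error.
 */
int
open_local_name(const char *name)
{
	if (!safe_local_name(name))
		return (-1);
	return (open(name, O_WRONLY | O_CREAT | O_EXCL, 0644));
}
```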