Andrey Chernov wrote on Fri, Dec 30, 2005 at 06:57:24AM +0300:
> On Thu, Dec 29, 2005 at 10:33:48PM -0500, Matt Emmerton wrote:
> > > Forbidding "/" will set the security to the same level as the base
> > > functionality. I like that.
> >
> > Agreed, although it still leaves open all the security loopholes that were
> > mentioned, given the proper cwd and malicious intent on the server end.
>
> What about "../../../../../../../../../../../../sbin/init" ?

Of course I meant I will not allow *any* "/" in the filename. Might
have been lost in the translation.

Martin
--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer_at_cons.org> http://www.cons.org/cracauer/
FreeBSD - where you want to go, today. http://www.freebsd.org/

Received on Fri Dec 30 2005 - 12:10:59 UTC
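
The rule stated in this message (no "/" anywhere in a server-supplied filename), as an added C example that is not part of the original post or of the FreeBSD source. The function name `server_name_acceptable` and the sample names are assumptions, and rejecting the empty name, "." and ".." goes beyond what the message says.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (name is an assumption, not from the thread):
 * decide whether a filename suggested by the remote server may be used
 * as the local output name.
 */
bool
server_name_acceptable(const char *name)
{
	if (name == NULL || name[0] == '\0')
		return false;
	/* The rule from the message: refuse *any* "/", not only a leading one. */
	if (strchr(name, '/') != NULL)
		return false;
	/* Added here: slash-free names that still refer to directories. */
	if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
		return false;
	/*
	 * Not covered: the cwd concern in the quoted reply. A slash-free
	 * name can still match a file that already exists in the cwd.
	 */
	return true;
}

int
main(void)
{
	/* Constructed sample names; the second is the one quoted above. */
	const char *samples[] = {
		"/sbin/init",
		"../../../../../../../../../../../../sbin/init",
		"..",
		"release.tar.gz",
	};
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-50s %s\n", samples[i],
		    server_name_acceptable(samples[i]) ? "accept" : "reject");
	return 0;
}
```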