|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Niels Bakker (niels=netsys_at_bakker.net)
Date: Tue Oct 01 2002 - 19:26:30 CDT
* rcs
rshell.org (Guy Cohen) [Wed 02 Oct 2002, 02:14 CEST]:
> suexec suppose to guard you from unprivileged programs (among other things),
> by letting you configure a safe_path of execution. However, if a user is
> able to link, she can create a link to files outside of the safe_path and
> then execute them.
And if a user is allowed to install a program that will be executed by
the web server, that program can be written equally well to just execute
something in a different location.
In other words: your point?
-- Niels.
-- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]