Mail Index

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ApacheGallery] Apache::Gallery exploit. possible fix.

To: users@xxxxxxxxxxxxxxxx
Subject: Re: [ApacheGallery] Apache::Gallery exploit. possible fix.
From: Andreas Plesner Jacobsen <apj@xxxxxxx>
Date: Fri, 5 Sep 2003 09:56:24 +0200
References: <20030905014849.GA3729@xxxxxxxxxxx>
Sender: users-admin@xxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.3i

On Thu, Sep 04, 2003 at 09:48:49PM -0400, Jon Hart wrote:
> 
> I believe the simplest fix is not to use File::Spec->tmpdir() in the
> call to Inline, as not only will that almost return a world writeable
> directory, and the Inline documentation clearly states:

Or to create the inline-dir manually with checks in place to see if the
permissions and ownership of the directory is acceptable. (The reason
tmpdir was chosen was to make sure that make test actually works, since
we don't have access to the apache config when a "make test" is run)

-- 
Andreas Plesner Jacobsen | What we Are is God's gift to us.
                         | What we Become is our gift to God.
_______________________________________________
users mailing list
users@xxxxxxxxxxxxxxxx
http://ufo.hestdesign.com/cgi-bin/mailman/listinfo/agusers

References:
- [ApacheGallery] Apache::Gallery exploit. possible fix.
  - From: Jon Hart

Prev by Date: [ApacheGallery] Apache::Gallery exploit. possible fix.
Next by Date: [ApacheGallery] (unofficial) Inline-free version of A::G available for test
Previous by thread: [ApacheGallery] Apache::Gallery exploit. possible fix.
Next by thread: [ApacheGallery] (unofficial) Inline-free version of A::G available for test
Index(es):
- Date
- Thread