[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ApacheGallery] Apache::Gallery exploit. possible fix.
On Thu, Sep 04, 2003 at 09:48:49PM -0400, Jon Hart wrote:
> I believe the simplest fix is not to use File::Spec->tmpdir() in the
> call to Inline, as not only will that almost return a world writeable
> directory, and the Inline documentation clearly states:
Or to create the inline-dir manually with checks in place to see if the
permissions and ownership of the directory is acceptable. (The reason
tmpdir was chosen was to make sure that make test actually works, since
we don't have access to the apache config when a "make test" is run)
Andreas Plesner Jacobsen | What we Are is God's gift to us.
| What we Become is our gift to God.
users mailing list