[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)
- Subject: Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Mon, 24 Jul 2000 21:50:52 +0100 (BST)
On Mon, 24 Jul 2000, Gossi The Dog wrote:
<snip>
> Oh, and then theres the old one of Cobalt allowing users to execute
> programs in SSI by default... (see texts available online about using SSI
> to compile bindshell.c on the system and executing it).
<snip>
To avoid confusion, yes a patch is available for this. It's made slightly
worse by the fact that SSI executes the code as user 'httpd', which could
comprise the security of apache.
Cheers.