[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)

Subject: Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Mon, 24 Jul 2000 21:50:52 +0100 (BST)

On Mon, 24 Jul 2000, Gossi The Dog wrote:

<snip>

> Oh, and then theres the old one of Cobalt allowing users to execute
> programs in SSI by default...  (see texts available online about using SSI
> to compile bindshell.c on the system and executing it).

<snip>

To avoid confusion, yes a patch is available for this.  It's made slightly
worse by the fact that SSI executes the code as user 'httpd', which could
comprise the security of apache.

Cheers.

References:
- Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] I tried..
Next by Date: Re: [cobalt-security] I tried..
Previous by thread: Re: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)
Next by thread: RE: Sorry!! (was: Re: [cobalt-security] Is this a known bug?)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index