Full Disclosure mailing list archives
suexec doesn't ignore links in safe_path
From: rcs () rshell org (Guy Cohen)
Date: Wed, 2 Oct 2002 02:48:18 +0300
suexec suppose to guard you from unprivileged programs (among other things), by letting you configure a safe_path of execution. However, if a user is able to link, she can create a link to files outside of the safe_path and then execute them.
Current thread:
- suexec doesn't ignore links in safe_path Guy Cohen (Oct 01)
- suexec doesn't ignore links in safe_path Niels Bakker (Oct 01)
- suexec doesn't ignore links in safe_path Guy Cohen (Oct 01)
- suexec doesn't ignore links in safe_path Charles Stevenson (Oct 01)
- suexec doesn't ignore links in safe_path White Vampire (Oct 01)
- suexec doesn't ignore links in safe_path Guy Cohen (Oct 01)
- suexec doesn't ignore links in safe_path Niels Bakker (Oct 01)