FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability

[Dag-Erling Smørgrav]

Dag-Erling Smørgrav <des at des.no> writes:
> Like bde@ pointed out, the patch is incorrect.  It moves the test for
> v_type != VDIR up to a point where, in the case of a symlink, v_type is
> always (by definition) VLNK.

Hmm, actually, symlinks are resolved in namei(), not lookup().  This is
not going to be pretty.  I'll be back later...

DES
-- 
Dag-Erling Smørgrav - des at des.no