FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability
Dag-Erling Smørgrav
des at des.no
Tue May 26 21:20:05 UTC 2009
Dag-Erling Smørgrav <des at des.no> writes:
> Like bde@ pointed out, the patch is incorrect. It moves the test for
> v_type != VDIR up to a point where, in the case of a symlink, v_type is
> always (by definition) VLNK.
Hmm, actually, symlinks are resolved in namei(), not lookup(). This is
not going to be pretty. I'll be back later...
DES
--
Dag-Erling Smørgrav - des at des.no