FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability
Dag-Erling Smørgrav
des at des.no
Wed May 27 14:31:00 UTC 2009
Eygene Ryabinkin <rea-fbsd at codelabs.ru> writes:
> Regarding the 'ln -s /etc/motd file; ln -s file/ anotherone': do you
> (or anyone reading this) think that 'cat anotherone' should really
> show the contents of /etc/motd or patch's behaviour is good?
if you mean
$ ln -fs /etc/motd foo
$ ln -fs foo/ bar
$ readlink foo bar
/etc/motd
foo/
$ cat foo
then IMHO it should produce an error.
DES
--
Dag-Erling Smørgrav - des at des.no
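
The following is an added example, not part of the original message or of any patch discussed in the thread. It rebuilds the foo/bar symlink chain from the message in a temporary directory and reports whether the running kernel refuses to read a regular file through a trailing '/'. The function name probe, its mode names, and the stand-in file target (used instead of /etc/motd) are assumptions made for the example.

```shell
#!/bin/sh
# Constructed check: does a trailing '/' that ends at a regular file
# (directly, or via a symlink whose body ends in '/') get rejected?

# probe MODE -> prints "resolved" if the file could be read, "rejected" if not.
#   plain  : read foo   (control: ordinary symlink to a regular file)
#   direct : read foo/  (trailing slash on a symlink to a regular file)
#   link   : read bar   (bar -> "foo/", the case from the message)
probe() {
    mode=$1
    dir=$(mktemp -d) || return 2
    printf 'constructed sample\n' > "$dir/target"   # stand-in for /etc/motd
    ln -s target "$dir/foo"
    ln -s foo/ "$dir/bar"
    case $mode in
        plain)  path=$dir/foo ;;
        direct) path=$dir/foo/ ;;
        link)   path=$dir/bar ;;
        *)      rm -rf "$dir"; return 2 ;;
    esac
    if cat "$path" >/dev/null 2>&1; then
        verdict=resolved
    else
        verdict=rejected
    fi
    rm -rf "$dir"
    echo "$verdict"
}

# POSIX pathname resolution requires a path ending in '/' to name a
# directory, so a conforming kernel rejects both slash cases.
for m in plain direct link; do
    printf '%-6s %s\n' "$m" "$(probe "$m")"
done
```

A result of "resolved" for direct or link means applications on that system cannot rely on the kernel to reject such paths and have to check the file type themselves.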