FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file
symlink) vulnerability
Dag-Erling Smørgrav
des at des.no
Wed May 27 16:46:02 UTC 2009
Bruce Evans <bde at zeta.org.au> writes:
> This seems to be equivalent to the patch in the PR at the time of PR,
> except it risks breaking some other cases, so I don't see how it can
> work.
As discussed on -hackers, it doesn't. This one does, though.
DES
--
Dag-Erling Smørgrav - des at des.no
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vfs_lookup-trailing-slash.diff
Type: text/x-patch
Size: 1848 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20090527/7a21e710/vfs_lookup-trailing-slash.bin
More information about the freebsd-hackers
mailing list