FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file
symlink) vulnerability
Oliver Pinter
oliver.pntr at gmail.com
Wed May 27 17:51:09 UTC 2009
Hi!
This is a redefinitions of PARAMASK in the patch, that you attached
-------8<---------
...
#define PARAMASK 0x0ffffe00 /* mask of parameter descriptors */
+#define TRAILINGSLASH 0x10000000 /* path ended in a slash */
+#define PARAMASK 0x1ffffe00 /* mask of parameter descriptors */
...
-------8<---------
On 5/27/09, Dag-Erling Smørgrav <des at des.no> wrote:
> Eygene Ryabinkin <rea-fbsd at codelabs.ru> writes:
>> [new three-part patch]
>
> I committed the namei.h cleanup patch and the vfs_lookup.c comment
> patch.
>
> I made a number of changes to the trailing-slash patch. Can you
> double-check it before I commit it?
>
> DES
> --
> Dag-Erling Smørgrav - des at des.no
>
>
More information about the freebsd-hackers
mailing list