FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file
symlink) vulnerability
Dag-Erling Smørgrav
des at des.no
Wed Jun 3 09:03:47 UTC 2009
Eygene Ryabinkin <rea-fbsd at codelabs.ru> writes:
> "Dag-Erling Smørgrav" <des at des.no> writes:
> > Eygene Ryabinkin <rea-fbsd at codelabs.ru> writes:
> > > Perhaps 'XXX for direnter()' should be changed to something like
> > > 'strip trailing slashes in cnp->cn_nameptr'.
> > I'll just remove it, since the previous comment clearly explains
> > what is going on.
> May be it's better to leave the comment, but replace it with more
> undestandable one: this instruction is a bit tricky and it makes one to
> think what the hell is going on.
Isn't it clearly described in the preceding comment? Specifically, by
the first two sentences: "Replace multiple slashes by a single slash and
trailing slashes by a null. This must be done before VOP_LOOKUP()
because some fs's don't know about trailing slashes."
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-hackers
mailing list