[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: DAV

From: Alan Cox <alan redhat com>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: DAV
Date: Thu, 7 Oct 2004 15:04:13 -0400

On Thu, Oct 07, 2004 at 07:58:20PM +0100, Joe Orton wrote:
> It's not CGI scripts which is the issue, the issue is whether or not an
> OpenSSL buffer overflow gives you remote root or just the privileges of
> the "apache" user as it currently does.

That would be a problem yes. You'd end up with apache able to  access any
files in the system. I guess mod_webdav should never have been mod_

Follow-Ups:
- Re: DAV
  - From: Colin Walters

References:
- Re: SELinux should be off by default in FC3
  - From: Arjan van de Ven
- Re: SELinux should be off by default in FC3
  - From: Stephen Smalley
- Re: SELinux should be off by default in FC3
  - From: Chris Adams
- Re: SELinux should be off by default in FC3
  - From: Steven Pritchard
- Re: DAV
  - From: Rex Dieter
- Re: DAV
  - From: Joe Orton
- Re: DAV
  - From: Alan Cox
- Re: DAV
  - From: Joe Orton
- Re: DAV
  - From: Alan Cox
- Re: DAV
  - From: Joe Orton

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]