
Re: DAV



On Thu, 2004-10-07 at 15:04 -0400, Alan Cox wrote:
> On Thu, Oct 07, 2004 at 07:58:20PM +0100, Joe Orton wrote:
> > It's not CGI scripts which is the issue, the issue is whether or not an
> > OpenSSL buffer overflow gives you remote root or just the privileges of
> > the "apache" user as it currently does.
> 
> That would be a problem yes. You'd end up with apache able to access any
> files in the system. I guess mod_webdav should never have been mod_

Definitely agreed there.  It should work like ssh+sftp, where ssh execs
a helper program running under the user's uid.  Doing things this way,
in a separate process, also allows the SELinux policy to confine them
separately.


