Re: keynote DSO

To: rm@fabula.de
Cc: simon@nuit.ca, debian-apache@lists.debian.org
Subject: Re: keynote DSO
From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
Date: Mon, 17 May 2004 15:08:06 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.58.0405171505510.3846@trider-g7.ext.fabbione.net>
In-reply-to: <[🔎] 20040517105257.GA26401@www>
References: <[🔎] 20040516081828.GA26318@nuit.ca> <[🔎] Pine.LNX.4.58.0405161209310.26122@trider-g7.ext.fabbione.net> <[🔎] 20040517105257.GA26401@www>

On Mon, 17 May 2004 rm@fabula.de wrote:

>
> ... _unless_ there's actually _is_ a user 'ben' on the box and he has
> a tweaked version of keynote ....
>
> > where it finds the proper headers.
>
> What headers? Doesn't '-L' set the library search path. I'd consider this
> a security thread. A smart intruder might place his version of libkeynote
> into '/home/ben/work/KeyNote' and hell breaks lose.
>
> Just my 0.02$
>

Thanks but how things are working now the attackers can try to do as much
as they want, but i seriously doubt they will succeed to do as good as
upstream (see #237763) ;).

Fabio

-- 
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.

Reply to:

Follow-Ups:
- Re: keynote DSO
  - From: simon@nuit.ca

References:
- keynote DSO
  - From: simon@nuit.ca
- Re: keynote DSO
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
- Re: keynote DSO
  - From: rm@fabula.de

Prev by Date: Re: CAN-2003-0993 Apache problem
Next by Date: Re: CAN-2003-0993 Apache problem
Previous by thread: Re: keynote DSO
Next by thread: Re: keynote DSO
Index(es):
- Date
- Thread