Re: apache security issue (with upstream new release)
Hey, morons, don't drop people from the CC. Otherwise they'll never
know what you're saying.
On Fri, Oct 31, 2003 at 03:07:26PM +0100, Lupe Christoph wrote:
> Quoting Phillip Hofmeister <plhofmei@zionlth.org>:
>
> > I believe your justification can be found:
>
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=218188
>
> > I'm not saying I agree fully with it...but I do understand it...
>
> Given that some of the affected directives can be used in .htaccess
> files, the potential for an ordinary user to exploit this is there.
> This allows access to the user the Apache work processes run as. Not
> much, but depending on local setup, this can be harmful.
But if a malicious user has access to .htaccess, you're already fucked
five ways from sunday.
--
"It's not Hollywood. War is real, war is primarily not about defeat or
victory, it is about death. I've seen thousands and thousands of dead bodies.
Do you think I want to have an academic debate on this subject?" -- Robert Fisk
Reply to: