FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file
symlink) vulnerability
Dag-Erling Smørgrav
des at des.no
Wed May 27 18:03:59 UTC 2009
Eygene Ryabinkin <rea-fbsd at codelabs.ru> writes:
> 'if ()' looks suspicious: ISLASTCN is set some lines below so it could
> be not yet flagged. Seems like we could omit 'if ()' clause but leave
> it's body for the current state of the code -- it will be equivalent to
> the mine's check.
Yes, I was a little too quick there. You're right, we can just drop the
if().
Actually, the reason why I moved this up is that I was considering
eliminating the trailing_slash variable entirely.
> By the way, I had somewhat extended your regression tests with the
> intermediate symlink tests, directory tests and device-as-a-target
> tests. Patches are attached. Will they go?
I'll take a look at them later.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-hackers
mailing list