[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A CGI security hole on Windows?

From: Shigio YAMAGUCHI
Subject: Re: A CGI security hole on Windows?
Date: Sat, 12 Mar 2016 21:27:54 +0900

I understood. Thank you.
I'm sorry but would you please uncomment it when you make
a Windows package? This code is not used on UNIX.
Presence or absence of a security hole seems to be dependent
on the specification (syntax) of Windows shell. Since I'm
not conversant about it, I'd overlook a security hole in
the future. I prefer not to entrust GLOBAL's fate to Microsoft.


2016-03-12 16:04 GMT+09:00 Jason Hood <address@hidden>:
> Doesn't the following code have a security hole on Windows?

"-|" is not supported on Windows and I believe exec will go
through the shell anyway (Windows always has a single command
line string, never individual arguments). (This change was
originally submitted 2014-01-22.)


Shigio YAMAGUCHI <address@hidden>
PGP fingerprint: D1CB 0B89 B346 4AB6 5663  C4B6 3CA5 BBB3 57BE DDA3

reply via email to

[Prev in Thread] Current Thread [Next in Thread]