> you may want to watch out for a possible DoS / security vulnerability in this.
>
> what if i were to construct a request to the server with the headers:
> GET shadow HTTP/1.0
> Host: ../../../etc
>
> or similar?
>
> without having looked at the rest of the khttpd code, i would imagine
> assume that horrible-tricks like these are checked for in the supplied
> pathname -- but how about the host header?
Well. This trick is detected even with the host header. This is because
ALL kHTTPd's security stuff is done on the _full_ filename. But you are
right still. We shouldn't let the remote user supply the path, we should
resolve his/her request to some local path, set by the local root user.
Greetings,
Arjan van de Ven
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/