Twitter | Pretraživanje | |
Dino A. Dai Zovi
Remote shell metacharacter injection and command-execution as root in an SMTP server... what year is it again?
Reply Retweet Označi sa "sviđa mi se" More
Rich Felker 29. sij
Odgovor korisniku/ci @dinodaizovi @esizkur
Core question is why we still have these backwards mail delivery architectures that involve executing a shell command constructed from input, as root. Or why root is involved at all.
Reply Retweet Označi sa "sviđa mi se"
Dino A. Dai Zovi 29. sij
Odgovor korisniku/ci @RichFelker @esizkur
Both excellent questions...
Reply Retweet Označi sa "sviđa mi se"
Holger Freyther 29. sij
Odgovor korisniku/ci @dinodaizovi @esizkur
And the second issue of this class in OpenBSD. More to come? Or the apt/apt-http vulnerability?
Reply Retweet Označi sa "sviđa mi se"
Elias Ladopoulos 30. sij
Odgovor korisniku/ci @dinodaizovi
Always read the classics. 😉
Reply Retweet Označi sa "sviđa mi se"
rachel engel 29. sij
Odgovor korisniku/ci @dinodaizovi
All bugs are eternal. If we get to the point where it’s just side channels, thank god. Career goal is to be redundant
Reply Retweet Označi sa "sviđa mi se"