|
@dinodaizovi | |||||
|
Remote shell metacharacter injection and command-execution as root in an SMTP server... what year is it again? twitter.com/window/status/…
|
||||||
|
||||||
|
Rich Felker
@RichFelker
|
29. sij |
|
Core question is why we still have these backwards mail delivery architectures that involve executing a shell command constructed from input, as root. Or why root is involved at all.
|
||
|
|
||
|
Dino A. Dai Zovi
@dinodaizovi
|
29. sij |
|
Both excellent questions...
|
||
|
|
||
|
Holger Freyther
@zecke42
|
29. sij |
|
And the second issue of this class in OpenBSD. More to come? Or the apt/apt-http vulnerability?
|
||
|
|
||
|
Elias Ladopoulos
@acidphreak
|
30. sij |
|
Always read the classics. 😉
|
||
|
|
||
|
rachel engel
@lrigknat_geek
|
29. sij |
|
All bugs are eternal. If we get to the point where it’s just side channels, thank god. Career goal is to be redundant
|
||
|
|
||