[icecast-dev] [PATCH] is it of any interest ?
Jack Moffitt
jack at xiph.org
Wed Nov 7 07:18:32 PST 2001
> of course this is not secure at all yet, but anyway maybe it's useful to
> someone as a starting point.
>
> any comment ?

I recommend that _no one_ run this patch on any server. It allows
execution access to any file on the system as the user that icecast is
run as. This is a surefire way to get yourself hacked to hell.

The idea is nice, but you should really pay a lot more attention to
security issues. CGIs need to be run from a certain directory only.
You shouldn't allow arbitrary files to be executed. Also you need to
pass a modified environment to the script in order for this to be real
CGI.

jack.

--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
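
The two requirements named in the reply above (scripts run from one directory only, and with an environment built for the script) are shown here as an added C example; it is not code from the patch or from icecast. The function names `cgi_resolve` and `cgi_build_env`, the `/cgi-bin/` URL prefix and the `PATH` value are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 and fills out[] only for a regular,
 * executable file whose canonical path lies inside cgi_root; else -1. */
int cgi_resolve(const char *cgi_root, const char *name, char out[PATH_MAX])
{
    char root[PATH_MAX], joined[2 * PATH_MAX];
    struct stat st;
    size_t rlen;
    int n;

    if (realpath(cgi_root, root) == NULL)
        return -1;
    n = snprintf(joined, sizeof joined, "%s/%s", root, name);
    if (n < 0 || (size_t)n >= sizeof joined)
        return -1;
    /* realpath() resolves "..", "." and symlinks, so the prefix test is
     * made on the file that would really be executed. */
    if (realpath(joined, out) == NULL)
        return -1;
    rlen = strlen(root);
    if (strncmp(out, root, rlen) != 0 || out[rlen] != '/')
        return -1;                  /* resolved outside the CGI directory */
    if (stat(out, &st) != 0 || !S_ISREG(st.st_mode) || access(out, X_OK) != 0)
        return -1;
    return 0;
}

/* Hypothetical helper: build the script's environment from scratch rather
 * than inheriting the server's. Names are CGI/1.1 meta-variables. */
int cgi_build_env(char store[5][512], char *envp[6], const char *name,
                  const char *method, const char *query)
{
    snprintf(store[0], 512, "GATEWAY_INTERFACE=CGI/1.1");
    snprintf(store[1], 512, "REQUEST_METHOD=%s", method);
    snprintf(store[2], 512, "SCRIPT_NAME=/cgi-bin/%s", name); /* assumed URL prefix */
    snprintf(store[3], 512, "QUERY_STRING=%s", query);
    snprintf(store[4], 512, "PATH=/usr/bin:/bin");           /* assumed value */
    for (int i = 0; i < 5; i++)
        envp[i] = store[i];
    envp[5] = NULL;
    return 5;
}
```

A caller would pass the resolved path and `envp` to `execve()`. The check and the exec are separate steps, so the CGI directory must not be writable by untrusted users.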