[icecast-dev] [PATCH] is it of any interest ?

Jack Moffitt jack at xiph.org
Wed Nov 7 07:18:32 PST 2001



> of course this is not secure at all yet, but anyway maybe it's useful to
> someone as a starting point.
> 
> any comment ?

I recommend that _no one_ run this patch on any server.  It allows
execution access to any file on the system as the user that icecast is
run as.  This is a surefire way to get yourself hacked to hell.

The idea is nice, but you should really pay a lot more attention to
security issues.  CGIs need to be run from a certain directory only.
You shouldn't allow arbitrary files to be executed.  Also you need to
pass a modified environment to the script in order for this to be real
CGI.

jack.
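
The two requirements in the reply above (scripts run only from one directory, and get a rebuilt environment) can be sketched in C as follows. This is an added example, not code from the patch under discussion or from icecast. The names cgi_resolve and cgi_run, the fixed GET method and the PATH value are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Resolve request under cgi_root into out (PATH_MAX bytes). Returns 0 only for an
 * executable regular file still inside the root once ".." and symlinks resolve. */
int cgi_resolve(const char *cgi_root, const char *request, char *out)
{
    char root[PATH_MAX], joined[PATH_MAX];
    struct stat st;
    if (realpath(cgi_root, root) == NULL || strcmp(root, "/") == 0)
        return -1;                      /* bad root, or root is "/" */
    if (snprintf(joined, sizeof joined, "%s/%s", root, request) >= (int)sizeof joined)
        return -1;                      /* request too long */
    if (realpath(joined, out) == NULL)
        return -1;                      /* no such file */
    size_t n = strlen(root);
    if (strncmp(out, root, n) != 0 || out[n] != '/')
        return -1;                      /* escaped the CGI directory */
    if (stat(out, &st) != 0 || !S_ISREG(st.st_mode) || !(st.st_mode & 0111))
        return -1;                      /* not an executable regular file */
    return 0;
}

/* Run the script with a freshly built CGI environment, not the server's own.
 * Returns the script's exit status, or -1 if it was rejected or not run. */
int cgi_run(const char *cgi_root, const char *request, const char *query)
{
    char path[PATH_MAX], name[PATH_MAX], qs[1024];
    int status; pid_t pid;
    if (cgi_resolve(cgi_root, request, path) != 0)
        return -1;
    snprintf(name, sizeof name, "SCRIPT_NAME=/%s", request);
    snprintf(qs, sizeof qs, "QUERY_STRING=%s", query);
    char *argv[] = { path, NULL };
    char *envp[] = { "GATEWAY_INTERFACE=CGI/1.1", "REQUEST_METHOD=GET",
                     name, qs, "PATH=/usr/bin:/bin", NULL };
    if ((pid = fork()) == 0) {
        execve(path, argv, envp);       /* envp replaces the inherited environment */
        _exit(127);                     /* exec failed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The containment check compares canonical paths, so a symlink inside the CGI directory that points elsewhere is rejected the same way as a ".." request.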
