Re: A CGI security hole on Windows?

bug-global

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A CGI security hole on Windows?

From:	Jason Hood
Subject:	Re: A CGI security hole on Windows?
Date:	Sat, 12 Mar 2016 17:04:32 +1000
User-agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0

> Doesn't the following code have a security hole on Windows?

"-|" is not supported on Windows and I believe exec will go
through the shell anyway (Windows always has a single command
line string, never individual arguments). (This change was
originally submitted 2014-01-22.)

-- 
Jason.

[Prev in Thread]

Current Thread

[Next in Thread]

A CGI security hole on Windows?, Shigio YAMAGUCHI, 2016/03/09
- Re: A CGI security hole on Windows?, Shigio YAMAGUCHI, 2016/03/11
- Re: A CGI security hole on Windows?, Jason Hood <=
  - Re: A CGI security hole on Windows?, Shigio YAMAGUCHI, 2016/03/12

Prev by Date: Re: A CGI security hole on Windows?
Next by Date: Re: A CGI security hole on Windows?
Previous by thread: Re: A CGI security hole on Windows?
Next by thread: Re: A CGI security hole on Windows?
Index(es):
- Date
- Thread