Wim Fournier <w3c@hsmade.com> wrote:

> *NOTE: I had to edit the /var/www/validator-0.60/cgi-bin/check to remove
> the -R line in the call for the sgml parser on line 476.

Please note that running onsgmls without the -R switch on a network-exposed server opens you up to a file-disclosure vulnerability! Carefully crafted input can be used to gain access to any file on the server that the user running onsgmls (the web server user, most likely) has read access to. We strongly advise against modifying the "check" CGI application this way!

--
"I don't want to learn to manage my anger; I want to FRANCHISE it!"
  -- Kevin Martin

Received on Friday, 13 December 2002 04:23:37 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:57:07 GMT