
Re: Installing 0.60 on Debian

From: Wim Fournier <w3c@hsmade.com>
Date: Fri, 13 Dec 2002 10:36:25 +0100 (CET)
Message-ID: <1791.217.198.203.182.1039772185.squirrel@webmail.kern.nl>
To: <www-validator@w3.org>

Terje Bless said:
> Wim Fournier <w3c@hsmade.com> wrote:
>
>>*NOTE: I had to edit the /var/www/validator-0.60/cgi-bin/check to
>>remove the -R line in the call for the sgml parser on line 476.
>
> Please note that running onsgmls without the -R switch on a
> network-exposed server opens you up to a file-disclosure vulnerability!
> Carefully crafted input can be used to gain access to any file on the
> server that the user running onsgmls (the web server user, most likely)
> has read access to.
>
> We strongly advise against modifying the "check" CGI application this
> way!
>
>
> --
> "I don't want to learn to manage my anger;
> I want to FRANCHISE it!" -- Kevin Martin



Grtz,

Wim Fournier
wim@hsmade.[com|net|org]
Received on Friday, 13 December 2002 04:36:27 GMT
