Terje Bless said:
> Wim Fournier <w3c@hsmade.com> wrote:
>
>>*NOTE: I had to edit the /var/www/validator-0.60/cgi-bin/check to
>>remove the -R line in the call for the sgml parser on line 476.
>
> Please note that running onsgmls without the -R switch on a
> network-exposed server opens you up to a file-disclosure vulnerability!
> Carefully crafted input can be used to gain access to any file on the
> server that the user running onsgmls (the web server user, most likely)
> has read access to.
>
> We strongly advise against modifying the "check" CGI application this
> way!
>
>
> --
> "I don't want to learn to manage my anger;
> I want to FRANCHISE it!" -- Kevin Martin

Grtz,
Wim Fournier
wim@hsmade.[com|net|org]

Received on Friday, 13 December 2002 04:36:27 GMT