- From: Terje Bless <link@pobox.com>
- Date: Fri, 13 Dec 2002 10:23:32 +0100
- To: W3C Validator <www-validator@w3.org>
- cc: Wim Fournier <w3c@hsmade.com>
Wim Fournier <w3c@hsmade.com> wrote:

>*NOTE: I had to edit the /var/www/validator-0.60/cgi-bin/check to remove
>the -R line in the call for the sgml parser on line 476.

Please note that running onsgmls without the -R switch on a network-exposed server opens you up to a file-disclosure vulnerability! Carefully crafted input can be used to gain access to any file on the server that the user running onsgmls (the web server user, most likely) has read access to.

We strongly advise against modifying the "check" CGI application this way!

-- 
"I don't want to learn to manage my anger; I want to FRANCHISE it!" -- Kevin Martin
Received on Friday, 13 December 2002 04:23:37 UTC
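An added example, not part of the original message and not the validator's own code: a small Python audit that flags any Perl statement invoking onsgmls without a live -R option, including the case where the -R line was commented out rather than deleted. The Perl fragments are constructed samples, and the check assumes the parser name appears literally in the statement that builds the command.

```python
import re

PARSER = re.compile(r"\bonsgmls\b")
# -R as a standalone option token (quoted list element or bare shell word)
RESTRICTED = re.compile(r"(?<![\w-])-R(?![\w-])")

def strip_comment(line):
    # Naive Perl comment removal: '#' at line start or after whitespace
    return re.sub(r"(^|\s)#.*$", "", line)

def audit(source):
    """Return (first_line, statement) for each statement that names
    onsgmls but carries no live -R option."""
    findings, buf, start = [], [], None
    for no, line in enumerate(source.splitlines(), 1):
        code = strip_comment(line).strip()
        if not code:
            continue
        if start is None:
            start = no
        buf.append(code)
        if code.endswith(";"):          # end of a Perl statement
            stmt = " ".join(buf)
            if PARSER.search(stmt) and not RESTRICTED.search(stmt):
                findings.append((start, stmt))
            buf, start = [], None
    return findings

# Constructed samples (not the validator's real source)
INTACT = """\
my $doc = shift;
my @cmd = ('/usr/bin/onsgmls',
           '-n',
           '-R',
           '-wvalid',
           $doc);
"""
LINE_DELETED = INTACT.replace("'-R',\n", "\n")
LINE_COMMENTED = INTACT.replace("'-R',", "# '-R',")

if __name__ == "__main__":
    for name in ("INTACT", "LINE_DELETED", "LINE_COMMENTED"):
        print(name, audit(globals()[name]))
```

Run against a deployed copy of the CGI script, an empty result means every literal onsgmls invocation still carries -R; it cannot see invocations where the parser path comes from a variable.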