- From: Wim Fournier <w3c@hsmade.com>
- Date: Fri, 13 Dec 2002 10:36:25 +0100 (CET)
- To: <www-validator@w3.org>
Terje Bless said:
> Wim Fournier <w3c@hsmade.com> wrote:
>
>>*NOTE: I had to edit the /var/www/validator-0.60/cgi-bin/check to
>>remove the -R line in the call for the sgml parser on line 476.
>
> Please note that running onsgmls without the -R switch on a
> network-exposed server opens you up to a file-disclosure vulnerability!
> Carefully crafted input can be used to gain access to any file on the
> server that the user running onsgmls (the web server user, most likely)
> has read access to.
>
> We strongly advise against modifying the "check" CGI application this
> way!
>
>
> --
> "I don't want to learn to manage my anger;
>  I want to FRANCHISE it!" -- Kevin Martin

Grtz,

Wim Fournier
wim@hsmade.[com|net|org]
Received on Friday, 13 December 2002 04:36:27 UTC