Re: [Cgi-session-user] FW: Security issue about CGI::Session
From: Matt L. <mle...@cp...> - 2006-03-22 22:14:28
All right gang,

I've added O_NOFOLLOW to pretty much any and all file operations for the file and db_file drivers. O_EXCL|O_CREAT is used to create files. There are also two new symlink tests to make certain the drivers don't follow any symlinks and remove symlinks before writing to session files. Hopefully, this ends this series of bugs.

Btw, if you have svn access, please test the db_file driver. I was getting some fairly odd issues when using O_NOFOLLOW and an older version of Berkeley DB. (upgrade fixed it)

Thanks,
Matt LeBlanc
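
The flag combination described in the message above, as an added Perl example that is not part of the original post and is not CGI::Session's own code. The helper `write_session_file`, the file names and the demo data are hypothetical, and it assumes a platform whose Fcntl provides O_NOFOLLOW.

```perl
use strict;
use warnings;
use Fcntl;                      # exports O_CREAT, O_EXCL, O_NOFOLLOW, ...
use File::Temp qw(tempdir);

# Hypothetical helper: write session data without ever following a
# symlink that someone planted at the session path.
sub write_session_file {
    my ($path, $data) = @_;

    # Remove a planted symlink; unlink acts on the link, not its target.
    if (-l $path) {
        unlink $path or die "cannot remove symlink $path: $!";
    }

    my $fh;
    # New file: O_EXCL|O_CREAT fails if anything reappeared at $path.
    unless (sysopen($fh, $path, O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0600)) {
        die "create $path: $!" unless $!{EEXIST};
        # Existing file: O_NOFOLLOW makes the open fail on a symlink,
        # so O_TRUNC never reaches a link target.
        sysopen($fh, $path, O_WRONLY|O_TRUNC|O_NOFOLLOW)
            or die "open $path: $!";
    }
    print {$fh} $data or die "write $path: $!";
    close $fh or die "close $path: $!";
    return 1;
}

# Constructed demo: a symlink at the session path points at a victim file.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim";
my $sess   = "$dir/cgisess_demo";
open(my $v, '>', $victim) or die "victim: $!";
print {$v} "keep me";
close $v;
symlink($victim, $sess) or die "symlink: $!";

write_session_file($sess, "session data");   # replaces the symlink
write_session_file($sess, "updated data");   # reopens the regular file

open($v, '<', $victim) or die "victim: $!";
my $content = do { local $/; <$v> };
close $v;
print "victim contents: $content\n";
print "session path is a symlink: ", (-l $sess ? "yes" : "no"), "\n";
```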