RE: [Cgi-session-user] FW: Security issue about CGI::Session
From: Sherzod R. <she...@ha...> - 2006-03-23 08:33:18
All the tests passed for me with Berkeley DB 4.1.25, and DB_File.pm 1.806

> -----Original Message-----
> From: cgi...@li...
> [mailto:cgi...@li...] On Behalf Of Matt LeBlanc
> Sent: Wednesday, March 22, 2006 5:12 PM
> To: cgi...@li...
> Subject: Re: [Cgi-session-user] FW: Security issue about CGI::Session
>
> All right gang,
>
> I've added O_NOFOLLOW to pretty much any and all file operations for the
> file and db_file drivers. O_EXCL|O_CREAT is used to create files. There
> are also two new symlink tests to make certain the drivers don't follow
> any symlinks and remove symlinks before writing to session files.
> Hopefully, this ends this series of bugs.
>
> Btw, if you have svn access, please test the db_file driver. I was
> getting some fairly odd issues when using O_NOFOLLOW and an older
> version of Berkeley DB. (upgrade fixed it)
>
> Thanks,
> Matt LeBlanc
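The open-flag pattern described in the quoted message (O_NOFOLLOW on opens, O_EXCL|O_CREAT on creation, symlinks removed before writing), shown as an added Perl example that is not code from CGI::Session or from this thread. The helper name `store_session`, the temporary paths and the session id are hypothetical and constructed for the demonstration.

```perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempdir);

# O_NOFOLLOW is not defined on every platform; fall back to 0 there
# (assumption: the -l check below is then the only symlink guard).
my $NOFOLLOW = eval { O_NOFOLLOW() } || 0;

# Hypothetical helper: write $data to the session file at $path without
# ever writing through a symlink.
sub store_session {
    my ($path, $data) = @_;
    # A symlink planted at the session path is removed, never followed.
    if (-l $path) {
        unlink $path or die "cannot remove symlink $path: $!";
    }
    my $fh;
    if (-e $path) {
        # Existing file: O_NOFOLLOW makes the open fail if a symlink
        # appeared between the check above and this call.
        sysopen($fh, $path, O_WRONLY | $NOFOLLOW)
            or die "cannot open $path: $!";
    } else {
        # New file: O_EXCL|O_CREAT fails if anything already exists here.
        sysopen($fh, $path, O_WRONLY | O_CREAT | O_EXCL | $NOFOLLOW, 0600)
            or die "cannot create $path: $!";
    }
    flock($fh, LOCK_EX) or die "cannot lock $path: $!";
    truncate($fh, 0)    or die "cannot truncate $path: $!";
    print {$fh} $data   or die "cannot write $path: $!";
    close($fh)          or die "cannot close $path: $!";
    return 1;
}

# Constructed test: a symlink at the session path points at a victim file.
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim.txt";
my $sess   = "$dir/cgisess_0123456789abcdef";    # constructed session id
open(my $out, '>', $victim) or die "cannot write $victim: $!";
print {$out} "untouched\n";
close($out);
symlink($victim, $sess) or die "symlink failed: $!";

store_session($sess, "session data\n");

open(my $in, '<', $victim) or die "cannot read $victim: $!";
my $content = do { local $/; <$in> };
close($in);
die "session path is still a symlink\n" if -l $sess;
die "victim file was modified\n" unless $content eq "untouched\n";
print "ok: symlink removed, victim untouched\n";
```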