It seems to me that module yaws_ctl is insecure. Now
possible for local user to find yaws_ctl socket
(usually there are
only a few sockets which listen on localhost) and send
the command to
yaws_ctl, for example stopping the server (DoS attack).
The patched Yaws uses simple cookie-based
authentication. Cookie is
stored in the same file as the port to connect. So, to
be able to
control Yaws the attacker must read the Yaws control file.
Log in to post a comment.