Re: [xml] security issue.

On Tue, Jun 25, 2002 at 04:09:00PM +0530, Anju Premachandran wrote:
Hi Aleksey

How did your security audit go?Did u find any new issues?

Regarding  the environment variables for HTTP/FTP access;as u said if a bad guy can change the environment 
variables it can turn out to be a concern.

  If an attacker can change your environment variables, you're toasted
just think about LD_PRELOAD . Conclusion, I don't think any special 
security concern must be had associated to an environment variable value.

  I will appreciate opposite viewpoint if explained ;-)


Daniel Veillard      | Red Hat Network
veillard redhat com  | libxml GNOME XML XSLT toolkit | Rpmfind RPM search engine

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]