Re: [xml] security issue.

From: Daniel Veillard <veillard redhat com>
To: Anju Premachandran <anju premachandran wipro com>
Cc: aleksey aleksey org, xml gnome org
Subject: Re: [xml] security issue.
Date: Wed, 26 Jun 2002 09:41:04 -0400

On Tue, Jun 25, 2002 at 04:09:00PM +0530, Anju Premachandran wrote:

Hi Aleksey

How did your security audit go?Did u find any new issues?

Regarding  the environment variables for HTTP/FTP access;as u said if a bad guy can change the environment 
variables it can turn out to be a concern.


  If an attacker can change your environment variables, you're toasted
just think about LD_PRELOAD . Conclusion, I don't think any special 
security concern must be had associated to an environment variable value.

  I will appreciate opposite viewpoint if explained ;-)

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

References:
- [xml] security issue.
  - From: Anju Premachandran

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]