Re: svn commit: r228843 - head/contrib/telnet/libtelnet
On Thu, Dec 29, 2011 at 12:30:23PM -0800, Xin Li wrote:
> >> On Thu, Dec 29, 2011 at 11:00 AM, John Baldwin <jhb@freebsd.org>
> > Another route might have been set an env
> > var
I already suggest it as one of possible ways.
> Using an environment variable may be not a good idea since it can be
> easily overridden, and I think if the program runs something inside
> the chroot, the jailed chroot would have more proper setup to avoid
> this type of attack?
In case user (more precisely, ftpd) runs any program which resides in=20
/incoming/, nothing helps in anycase. In case ftpd runs known programs=20
=66rom known locations only, it can't be overriden because known program=20
(say, ls) is not malicious by itself and can be turned malicious only by=20
loading .so from current directory, which env variable prevents.
--=20
http://ache.vniz.net/
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 17 之 20 篇):