Can anyone reproduce this? Apache seems to have closed the tty fd well before running a CGI. I haven't been successful abusing it with TIOCSTI. Does anyone see a way that this is actually a security problem?
-- Kees Cook @outflux.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
