Brian May, le Fri 26 Sep 2014 11:40:00 +1000, a écrit : > On 26 September 2014 10:26, Nikolaus Rath <[1]nikol...@rath.org> wrote: > > Wasn't there some web server that used to put query script variables > into the environment of the CGI script? Or am I confusing that with > PHP's evil register_globals? > > > CGI is just one avenue for attack. > > There are other avenues. e.g. the ssh one, if I understand correctly, would > allow setting any environment variable to any value.
No, it only allows what was explicitly listed in AcceptEnv. Samuel -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140926072117.gk3...@type.youpi.perso.aquilenet.fr
