On 14 Sep 2000, Chaim Frenkel wrote: > (Someone remind me, What is the point of -T if not running setuid?) All you need to get root is an unprivilaged shell on anything but a fully patched machine. A dumb Perl CGI running without -T is all you need to get a shell. Besides, I bet most online stores keep our credit card numbers in databases accessible by 'nobody'. You probably wouldn't even need root in most cases if you were after card numbers. -sam
- Re: RFC 227 (v1) Extend the window to turn on taint mode Chaim Frenkel
- Re: RFC 227 (v1) Extend the window to turn on taint... Jarkko Hietaniemi
- Re: RFC 227 (v1) Extend the window to turn on t... Chaim Frenkel
- Re: RFC 227 (v1) Extend the window to turn ... Jarkko Hietaniemi
- Re: RFC 227 (v1) Extend the window to t... Chaim Frenkel
- Re: RFC 227 (v1) Extend the window to turn ... Dan Sugalski
- Re: RFC 227 (v1) Extend the window to t... Chaim Frenkel
- Re: RFC 227 (v1) Extend the window... Dan Sugalski
- Re: RFC 227 (v1) Extend the wi... Chaim Frenkel
- Re: RFC 227 (v1) Extend the wi... Adam Turoff
- Re: RFC 227 (v1) Extend the window to turn on taint... Sam Tregar
- Re: RFC 227 (v1) Extend the window to turn on taint... Adam Turoff
- Re: RFC 227 (v1) Extend the window to turn on t... Chaim Frenkel
- Re: RFC 227 (v1) Extend the window to turn on t... Dan Sugalski
- Re: RFC 227 (v1) Extend the window to turn ... Adam Turoff
- Re: RFC 227 (v1) Extend the window to t... Dan Sugalski
- Re: RFC 227 (v1) Extend the window... Simon Cozens
- Re: RFC 227 (v1) Extend the window to turn on taint mode Michael G Schwern
- Re: RFC 227 (v1) Extend the window to turn on taint... Dan Sugalski
- Re: RFC 227 (v1) Extend the window to turn on t... Adam Turoff
- Re: RFC 227 (v1) Extend the window to turn ... Michael G Schwern
