Daniele Di Proietto writes:
> If vhost-sock-dir is empty, vhost_sock_dir will be NULL, because
> process_vhost_flags() will return 0.
D'oh! Missed this in testing. I'll fix it, and make sure I test this
case more thoroughly.
Thanks so much for the review, Daniele!
-Aaron
> On 26/04/2016 12:42
If vhost-sock-dir is empty, vhost_sock_dir will be NULL, because
process_vhost_flags() will return 0.
On 26/04/2016 12:42, "Aaron Conole" wrote:
>Since the vhost-user sockets directory now comes from the database, it is
>possible for any user with database access to program an arbitrary files
Since the vhost-user sockets directory now comes from the database, it is
possible for any user with database access to program an arbitrary filesystem
location for the sockets directory. This could result in unprivileged users
creating or deleting arbitrary filesystem files by using specially craf
