On Oct 22, 2013 5:14 PM, "Yann Ylavic" <ylavic....@gmail.com> wrote:
>
>
> Shouldn't this be safe from terminal controls, eg :
> const char *name = process->short_name;
> if (!name ||
> !*name ||
> ap_has_cntrl(name)) {
> name = "httpd";
> }
> ?No. You are thinking of untrusted user input. The Admin started this process under the given name. Describe how this can be devolved to a vulnerability?
