On Oct 22, 2013 5:14 PM, "Yann Ylavic" <ylavic....@gmail.com> wrote: > > > Shouldn't this be safe from terminal controls, eg : > const char *name = process->short_name; > if (!name || > !*name || > ap_has_cntrl(name)) { > name = "httpd"; > } > ?
No. You are thinking of untrusted user input. The Admin started this process under the given name. Describe how this can be devolved to a vulnerability?