On Wed, Oct 23, 2013 at 1:27 AM, William A. Rowe Jr. <wmr...@gmail.com>wrote:
>
> On Oct 22, 2013 5:14 PM, "Yann Ylavic" <ylavic....@gmail.com> wrote:
> >
> >
> > Shouldn't this be safe from terminal controls, eg :
> > const char *name = process->short_name;
> > if (!name ||
> > !*name ||
> > ap_has_cntrl(name)) {
> > name = "httpd";
> > }
> > ?
>
> No. You are thinking of untrusted user input. The Admin started this
> process under the given name. Describe how this can be devolved to a
> vulnerability?
>
No particular vulnerability (in sane circumstances, ie. the Admin is not
given an evil name), and not an httpd vulnerability anyway, but the usual
ap_log_error(...STARTUP...) does escape control chars, which make this code
the only place where some "given" data is put direclty to the terminal. I
can probably live with it...
Regards.
