On Wed, Oct 23, 2013 at 1:27 AM, William A. Rowe Jr. <wmr...@gmail.com>wrote:
> > On Oct 22, 2013 5:14 PM, "Yann Ylavic" <ylavic....@gmail.com> wrote: > > > > > > Shouldn't this be safe from terminal controls, eg : > > const char *name = process->short_name; > > if (!name || > > !*name || > > ap_has_cntrl(name)) { > > name = "httpd"; > > } > > ? > > No. You are thinking of untrusted user input. The Admin started this > process under the given name. Describe how this can be devolved to a > vulnerability? > No particular vulnerability (in sane circumstances, ie. the Admin is not given an evil name), and not an httpd vulnerability anyway, but the usual ap_log_error(...STARTUP...) does escape control chars, which make this code the only place where some "given" data is put direclty to the terminal. I can probably live with it... Regards.