Re: serialisation (was Re: [RfC] vtable-dump)

2003-09-01 Thread Benjamin Goldberg
Nicholas Clark wrote: On Sat, Aug 30, 2003 at 10:13:02PM -0400, Benjamin Goldberg wrote: Nicholas Clark wrote: The attacker can craft a bogus CGITempFile object that refers to any file on the system, and when this object is destroyed it will attempt to delete that file at

Re: serialisation (was Re: [RfC] vtable-dump)

2003-09-01 Thread Nicholas Clark
On Sat, Aug 30, 2003 at 10:13:02PM -0400, Benjamin Goldberg wrote: Nicholas Clark wrote: The attacker can craft a bogus CGITempFile object that refers to any file on the system, and when this object is destroyed it will attempt to delete that file at whatever privilege level the CGI runs

Re: serialisation (was Re: [RfC] vtable-dump)

2003-08-31 Thread Benjamin Goldberg
Nicholas Clark wrote: On Fri, Aug 29, 2003 at 05:30:37PM +0200, Leopold Toetsch wrote: I think, we need a general solution for freeze, dump and clone. As shown I don't know if this is relevant here, but I'll mention it in case. For perl5 there isn't a single good generic clone system.

serialisation (was Re: [RfC] vtable-dump)

2003-08-30 Thread Nicholas Clark
On Fri, Aug 29, 2003 at 05:30:37PM +0200, Leopold Toetsch wrote: I think, we need a general solution for freeze, dump and clone. As shown I don't know if this is relevant here, but I'll mention it in case. For perl5 there isn't a single good generic clone system. Probably the best (in terms of

Re: serialisation (was Re: [RfC] vtable-dump)

2003-08-30 Thread Gordon Henriksen
On Saturday, August 30, 2003, at 07:59, Nicholas Clark wrote: You can't trust your data deserialiser. It can do evil on you before it returns. It's not the deserializer that you can't trust, it's the data. Of course it's a security nightmare to deserialize data from an untrusted source. That