Brian May, le Fri 26 Sep 2014 11:40:00 +1000, a écrit : > On 26 September 2014 10:26, Nikolaus Rath <[1][email protected]> wrote: > > Wasn't there some web server that used to put query script variables > into the environment of the CGI script? Or am I confusing that with > PHP's evil register_globals? > > > CGI is just one avenue for attack. > > There are other avenues. e.g. the ssh one, if I understand correctly, would > allow setting any environment variable to any value.
No, it only allows what was explicitly listed in AcceptEnv. Samuel -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
