Am 02.09.2011 09:39, schrieb Florian Weimer: > * Reindl Harald: > >> mtime -> well, is directly in the header -> Last-Modified >> size -> well, directly in the header -> Content-Length >> inode -> well, where is there any security implication? > > I guess you could use it to form an NFS handle, and use that to bypass > intended access restrictions. But that's the fault of NFS, and systems > which do not use cryptographic NFS handles probably use non-random or > 32-bit inodes, which are open to guessing anyway
independend of the fact that i can guess it, it is really really not the problem of httpd if some stupid guy has nFS opened on the internet
signature.asc
Description: OpenPGP digital signature
