On Sunday 20 March 2005 01:17 am, Jonathan T Wang wrote:
> Hi,
>
> I believe I've found a security hole in Myth - in
> MainServer::LocalFilePath, MythTV does not check whether the QUrl passed
> in by the client in MainServer::HandleAnnounce contains any instances
> of "../"
>
> This means that an attacker could cause MythTV to send him any file on the
> system readable by the mythtv user.

Read the code again.

Isaac
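
Added example, not part of the thread and not MythTV's code: one way a server can map a client-supplied URL path to a file under a fixed directory and refuse "../" escapes, which is the check the report is asking about. It uses std::filesystem rather than Qt's QUrl; `resolve_under`, the base directory and the sample file names are hypothetical.

```cpp
#include <algorithm>
#include <filesystem>
#include <iostream>
#include <optional>
#include <string>

namespace fs = std::filesystem;

// Hypothetical helper, not MythTV's MainServer::LocalFilePath: map the
// (already percent-decoded) path of a client URL to a file under base_dir.
// Returns nullopt when the result would fall outside base_dir.
std::optional<fs::path> resolve_under(const fs::path& base_dir,
                                      const std::string& url_path) {
    // An embedded NUL would truncate the name at the C API boundary.
    if (url_path.find('\0') != std::string::npos) return std::nullopt;

    // Treat the client path as relative, so "/etc/passwd" cannot replace
    // base_dir when the two are joined.
    fs::path rel = fs::path(url_path).relative_path();
    if (rel.empty()) return std::nullopt;

    // Collapse "." and ".." lexically; drop a trailing slash on the base.
    fs::path base = base_dir.lexically_normal();
    if (!base.has_filename()) base = base.parent_path();
    fs::path full = (base / rel).lexically_normal();
    if (!full.has_filename()) return std::nullopt;  // resolved to a directory

    // Compare component by component: a string prefix test would accept
    // the sibling directory "/var/lib/mythtv-private".
    auto m = std::mismatch(base.begin(), base.end(), full.begin(), full.end());
    if (m.first != base.end() || m.second == full.end()) return std::nullopt;
    return full;
}

int main() {
    // Constructed sample requests; the base directory is an assumption.
    const char* samples[] = {"/1001_20050320011700.nuv", "/../../etc/passwd",
                             "shows/../a.nuv", "../mythtv-private/x"};
    for (const char* s : samples) {
        auto p = resolve_under("/var/lib/mythtv", s);
        std::cout << s << " -> " << (p ? p->string() : "REJECTED") << "\n";
    }
}
```

The check is purely lexical, so a symlink inside the base directory that points elsewhere is not caught; that needs the path canonicalized against the file system before the comparison.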
