On Wednesday, July 19, 2006 08:58:35 AM -0500 David Thompson <[EMAIL PROTECTED]> wrote:

3) Specifically for the web server example, in your proposal, a malicious
web page could fork() itself, exit the parent thread, and wait around and
start collecting other authentications, as the web server changed the
authentication in the PAG for other requests.  Yuch.

Web pages can't call fork() or any other system call; they're just data.
Of course, if you have a web server that runs programs provided by untrusted users, then you have a whole world of potential problems.

-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA

_______________________________________________
OpenAFS-devel mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-devel
