On Mon, May 4, 2009 at 3:07 PM, Tomasz Pala <[email protected]> wrote: > [*] security means filter as much as possible; in this case it's "'don't > expose as much as possible" - so the change would be acceptable among > with filtering access to every *.php*.* (maybe with *~ and *.rpm{save,new}).
Actually here it seems to be more secure the other way around - not alowing parsing of uploaded foo.php.jpg files for example (at least some webapps only care about file extensions). To exploit .rpmsave, you need to a) know it's PLD, b) know the config copy is in the DocumentRoot (packaging bug). YMMV but most likely you won't get a chance to execute any code. To exploit .php.foo you can ask google for a list of sites using the same software (for example querying for "powered by foo") and do a mass scripted exploit. This allows people to run untrusted code on your webserver. -- Patryk Zawadzki _______________________________________________ pld-devel-en mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
