Eric Haszlakiewicz wrote:
> On Wed, Jul 25, 2007 at 10:57:53PM -0700, Bill
Stouder-Studenmund wrote:
>> We should check, but I doubt there is a security
issue here. All you're
>> going to find is anything extra you scribbled while
the page was in cache.
>> And you have to have write access to do that, so
you could have written
>> the file anyway.
>
> Sure, but anyone with read access can see that data.
You don't need write
> access for that. You can even do it with cp:
But the writer is not supposed to write there in the first
place! But even if this is a bug in the writer (writing
after the end of the (mapped) file), it is still writing to
a file which can be read by users with the appropriate
permissions. I don't really see a security problem there.
cheers
simon
--
Serve - BSD +++ RENT this banner advert +++ ASCII
Ribbon /"
Work - Mac +++ space for low €€€ NOW!1 +++
Campaign /
Party Enjoy Relax | http://dragonflybsd.org
Against HTML
Dude 2c 2 the max ! http://golden-apple.biz
Mail + News /
|
