in reply to Re: •Re: Image Lister
in thread Image Lister

It's still a security hole. If you're going to the trouble to strip leading dots, you might as well do the whole job and make sure you're reasonably secure in the entire path.

And even as is, it's also a useful probing tool. I can see if you have a password file, or certain binaries, because you have a different response if the thing exists vs not exists. Such information can be used to determine if certain users exist (probe for /home/someuser, for example) or what version of software is being run on the system (by looking for paths that exist on Linux vs BSD, etc.)

So, to fend off the next likely response of "why do I care? there's nothing interesting on this box", remember that an 0wn3d box can be used to launch attacks on others with some anonymity, or worse yet, putting the blame on you.

Security does matter.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Re: •Re: Re: •Re: Image Lister
by Chady (Priest) on Apr 04, 2003 at 20:02 UTC

    Ah... I was sure you wouldn't reply for the trivial <img.. tag.

    I missed the if ( -e "./$pic" ) bit... I see the point now. Thanx for the pointer.


    He who asks will be a fool for five minutes, but he who doesn't ask will remain a fool for life.

    Chady | http://chady.net/
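
One way to close both issues raised in this thread (the partial path cleanup and the different response behind the `-e "./$pic"` test), as an added example that is not code from the thread or from the original script. The function name `safe_image_path`, the allowed extensions and the response strings are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Return the resolved path of an image inside $dir, or undef. Every failure
# (bad name, missing file, path leaving $dir) yields the same undef, so the
# caller cannot reveal whether some other path exists on the box.
sub safe_image_path {
    my ($dir, $pic) = @_;
    return undef unless defined $pic;

    # Allow-list instead of stripping: a bare file name with an image
    # extension. Slashes, leading dots, "..", NUL bytes and trailing
    # newlines cannot match this pattern.
    return undef
        unless $pic =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\.(?:jpe?g|png|gif)\z/i;

    my $root = realpath($dir);
    return undef unless defined $root;

    my $wanted = File::Spec->catfile($root, $pic);
    my $full   = realpath($wanted);
    return undef unless defined $full && -f $full;

    # After symlink resolution the path must be unchanged, so a symlink
    # planted in the image directory cannot point the script elsewhere.
    return undef unless $full eq $wanted;
    return $full;
}

# Constructed demo: a temporary image directory holding a single file.
my $dir = tempdir(CLEANUP => 1);
open my $fh, '>', File::Spec->catfile($dir, 'cat.png') or die "create: $!";
close $fh;

for my $pic ('cat.png', 'missing.png', '../etc/passwd', '/etc/passwd', '.htaccess') {
    my $path = safe_image_path($dir, $pic);
    # One response for every failure: no "exists vs. not exists" difference.
    printf "%-15s => %s\n", $pic, defined $path ? 'serve image' : '404 Not Found';
}
```

Only `cat.png` is served; the missing image and every path outside the image directory get the identical response.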