From: "Yannick Duchêne (Hibou57)" <yannick_duchene@yahoo.fr>
Subject: Re: Web Development Using Ada?
Date: Sun, 28 Jul 2013 07:10:19 +0200
Date: 2013-07-28T07:10:19+02:00 [thread overview]
Message-ID: <op.w0w1zhgxule2fv@cardamome> (raw)
In-Reply-To: kt21mn$osm$1@loke.gir.dk
Le Sun, 28 Jul 2013 05:03:51 +0200, Randy Brukardt <randy@rrsoftware.com>
a écrit:
> OTOH, if you execute a shell, if an attacker can find a way to pass
> information to that shell, they might be able to do anything. Apache has
> fixed many such bugs. It's better if there are no shell outs. It's even
> better if the capability to do shell outs isn't even in the code (since
> some
> attacks require executing existing code in unusual ways - if the process
> doesn't have any code that can shell out, such attacks can't shell out
> either).
What's “shell out” in this context? A server or anything responding to a
request, has no reasons to have any connexions to the shell.
--
“Syntactic sugar causes cancer of the semi-colons.” [1]
“Structured Programming supports the law of the excluded muddle.” [1]
[1]: Epigrams on Programming — Alan J. — P. Yale University
next prev parent reply other threads:[~2013-07-28 5:10 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-27 10:35 Web Development Using Ada? Aay Jay Chan
2013-07-27 12:49 ` Dmitry A. Kazakov
2013-07-27 15:49 ` Shark8
2013-07-27 16:26 ` Dmitry A. Kazakov
2013-07-27 17:19 ` Shark8
2013-07-27 17:26 ` Yannick Duchêne (Hibou57)
2013-07-27 19:05 ` Dmitry A. Kazakov
2013-07-27 17:11 ` Yannick Duchêne (Hibou57)
2013-07-27 17:19 ` Shark8
2013-07-27 17:57 ` Jeffrey Carter
2013-07-28 3:03 ` Randy Brukardt
2013-07-28 5:10 ` Yannick Duchêne (Hibou57) [this message]
2013-08-06 4:43 ` Randy Brukardt
2013-08-06 5:04 ` Paul Rubin
2013-08-06 19:06 ` Randy Brukardt
2013-07-28 9:30 ` Luke A. Guest
2013-07-31 8:30 ` Michael Erdmann
2013-07-31 10:15 ` Aay Jay Chan
2013-07-31 12:09 ` Michael Erdmann
2013-07-31 17:20 ` J-P. Rosen
2013-08-01 13:12 ` Jacob Sparre Andersen
2014-01-13 10:12 ` Marius Amado-Alves
2013-07-31 11:30 ` G.B.
2013-07-31 11:44 ` Yannick Duchêne (Hibou57)
2013-07-31 14:33 ` G.B.
2014-01-13 10:08 ` Marius Amado-Alves
2013-07-31 15:07 ` Pascal Obry
2013-07-31 18:53 ` Michael Erdmann
2013-07-31 21:03 ` Pascal Obry
2013-08-01 4:45 ` Michael Erdmann
2013-08-01 13:31 ` Jacob Sparre Andersen
2013-08-01 20:32 ` Michael Erdmann
2013-08-05 8:47 ` Jacob Sparre Andersen
2013-08-05 11:41 ` Thomas Løcke
2013-08-01 21:15 ` Maciej Sobczak
2013-08-02 17:24 ` Michael Erdmann
2013-08-02 20:54 ` Maciej Sobczak
2013-08-03 6:51 ` Michael Erdmann
2013-08-03 9:58 ` Pascal Obry
2013-08-03 14:50 ` Maciej Sobczak
2013-08-01 15:54 ` leonid.dulman
2014-01-09 9:31 ` arifhussain.33
2014-01-09 12:36 ` Jacob Sparre Andersen
2014-01-10 13:47 ` Mike H
2014-01-14 12:23 ` Vadim Godunko
2014-01-19 23:23 ` Joseph Montanez
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox