possible security hole

Florian Weimer fw@deneb.enyo.de
05 Dec 2000 23:34:04 +0100

"Derek Vokey" <turfdog@planetturf.ca> writes:

> There is no telnet access or any other command line access to anyone other
> than root on this server. Is there a way to examine the environment of the
> shell process strictly through cgi?
What does "strictly through cgi" mean? If you allow uploading arbitrary CGI programs by users, that's almost equivalent to shell access and certainly sufficient for reading the environment of other processes, at least on Linux (where you can read /proc) and some other systems (where you can invoke 'ps e').
> ----- Original Message -----
Eh, your quoting style is strange. -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org