Branch: Tag:

2002-05-08

2002-05-08 13:08:34 by 0

Fixed security hole where any file (read: image) on the server computer
was accessible from inside RXML if the Pike process had privileges to read
the file.

Rev: server/base_server/roxen.pike:1.795

6:   // Per Hedbor, Henrik Grubbström, Pontus Hagland, David Hedbor and others.   // ABS and suicide systems contributed freely by Francesco Chemolli    - constant cvs_version="$Id: roxen.pike,v 1.794 2002/05/06 15:14:17 mast Exp $"; + constant cvs_version="$Id: roxen.pike,v 1.795 2002/05/08 13:08:34 jonasw Exp $";      // The argument cache. Used by the image cache.   ArgCache argcache;
3964:    id->misc->_load_image_called++;    if(!(data=id->conf->try_get_file(f, id)))    { -  file=Stdio.File(); -  if(!file->open(f,"r") || !(data=file->read())) +  // This is a major security hole! It can load any (image) file +  // in the low-level file system using the server's user privileges. +  // +  // file=Stdio.File(); +  // if(!file->open(f,"r") || !(data=file->read()))   #ifdef THREADS    catch    {
4000:    id->misc->_load_image_called++;    if(!(data=id->conf->try_get_file(f, id)))    { -  file=Stdio.File(); -  if(!file->open(f,"r") || !(data=file->read())) +  // This is a major security hole! It can load any (image) file +  // in the low-level file system using the server's user privileges. +  // +  // file=Stdio.File(); +  // if(!file->open(f,"r") || !(data=file->read()))   // #ifdef THREADS    catch    {