Skip to main content.
home | support | download

Back to List Archive

Re: swish-e 2.4 | 2.5 under Windows

From: Bill Moseley <moseley(at)not-real.hank.org>
Date: Thu Jun 02 2005 - 14:48:52 GMT
On Thu, Jun 02, 2005 at 09:45:38AM -0500, David L Norris wrote:
> On Thu, 2005-06-02 at 07:29 -0700, Bill Moseley wrote:
> > On Thu, Jun 02, 2005 at 07:02:56AM -0700, Roman Chyla wrote:
> > > [Thu Jun 02 15:52:43 2005] [warn] exec() may not be safe
> > 
> > Is that from PHP?
> 
> I believe it is from Apache when running on systems with an insecure
> shell. (i.e. Windows 9x)  There's no way to escape anything in the DOS
> shell.

A quick google found it on PHP related questions, is why I asked.

> One could easily take over the entire computer from a script
> running on the web server.

I hear that it's easier than that.

-- 
Bill Moseley
moseley@hank.org

Unsubscribe from or help with the swish-e list: 
   http://swish-e.org/Discussion/

Help with Swish-e:
   http://swish-e.org/current/docs
   swish-e@sunsite.berkeley.edu
Received on Thu Jun 2 07:48:53 2005