💾 Archived View for rawtext.club › ~sloum › geminilist › 001663.gmi captured on 2020-11-07 at 02:22:48. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2020-09-24)
-=-=-=-=-=-=-
solderpunk solderpunk at SDF.ORG
Sun Jun 14 10:46:30 BST 2020
- - - - - - - - - - - - - - - - - - -
On Sat, Jun 13, 2020 at 10:06:39PM -0400, Jason McBrayer wrote:
The most important of these bug fixes is a fix to a path-traversal bug,
that could have allowed carefully constructed requests to read
world-readable files from outside your Germinal document root. (There
was code to catch path traversals before, but it was wrong, and only
caught simple cases).
Path-traversal bugs are scary! Is it worth sharing the details of thisso that other server authors can check for analogous bugs in theirservers? Or was it highly specific to your programming language orserver design?
Cheers,Solderpunk