[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] jk_lsh: problem with single quotes / requested execu

From: Olivier Sessink
Subject: Re: [Jailkit-users] jk_lsh: problem with single quotes / requested executable not found
Date: Tue, 3 May 2011 12:52:22 +0200
User-agent: SquirrelMail/1.4.20


> Thanks for your reply. Unfortunately it is not possible to fix the web
> application. It is a out-of-the-box CMS system. But wouldn't it make
> sense to patch the jailkit shell that it strips the quotes? Then it will
> behave like other (standard) shells. This is what people would expect I
> think.

there are many ways in which jk_lsh does not behave like any other shell.
Right now the code is very simple and thus easy to keep it very secure.

Functions like this are an easy source of bugs and thus for insecurity.
That's why I'm very reluctant to start supporting such features.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]