[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] jk_lsh: problem with single quotes / requested execu
Re: [Jailkit-users] jk_lsh: problem with single quotes / requested executable not found
Tue, 3 May 2011 12:52:22 +0200
> Thanks for your reply. Unfortunately it is not possible to fix the web
> application. It is a out-of-the-box CMS system. But wouldn't it make
> sense to patch the jailkit shell that it strips the quotes? Then it will
> behave like other (standard) shells. This is what people would expect I
there are many ways in which jk_lsh does not behave like any other shell.
Right now the code is very simple and thus easy to keep it very secure.
Functions like this are an easy source of bugs and thus for insecurity.
That's why I'm very reluctant to start supporting such features.