From: "Jörn Engel" <joern@wohnheim.fh-wedel.de>
To: Cam <camilo@mesias.co.uk>
Cc: linux-mtd@lists.infradead.org, David Woodhouse <dwmw2@infradead.org>
Subject: Re: JFFS3 document / wiki [OT]
Date: Thu, 27 Jan 2005 17:38:45 +0100
Message-ID: <20050127163845.GA7755@wohnheim.fh-wedel.de>
In-Reply-To: <41F9127E.6030508@mesias.co.uk>
On Thu, 27 January 2005 16:10:38 +0000, Cam wrote:
>
> >Plus, Wikis tend to be instant security problems. The situation
> >appears to be so bad that anyone with average exploit knowledge can
> >read the sources and control some new machines within a rainy
> >afternoon.
>
> Can you back that statement up with an example please? I wasn't aware
> that wikis were so dangerous! :)
Neither was I before attending last year's CCC.
http://www.ccc.de/congress/2004/
Various bits of information on this were spread all over the place:
o Code examples of mysql - tons of buffer overflows.
o Code examples of php - same.
o Various hacks of machines based on either php or mysql vulnerabilities.
o Some specific problems with some wiki implementations.
Considering that most wikis use php, mysql or both, you can pretty
much get the idea. I cannot point to specific vulnerabilities or
exploits, but the only thing stopping me from owning your wiki is my
lack of interest. Cooking up something new is horribly simple. So
you might want to move it somewhere, either to a dedicated machine or
to a vserver/chroot/jail.
And if you have too much time on your hands, security audits on php
and mysql wouldn't hurt.
Jörn
--
All art is but imitation of nature.
-- Lucius Annaeus Seneca