
Re: Potential security issue with LedgerSMB (inherited from SL)



Sorry, I must have hit tab by mistake... Continuing here...

On 9/11/06, Chris Travers <..hidden.. > wrote:
Chris, you want to comment on this?

From what I have seen, the fact that the xterm directory is missing already makes this a problem out of the box with SQL-Ledger 2.6.x.

Of course, this doesn't prevent you from setting an HTTP-USER-AGENT environment variable and then treating this as a cgi script.  So some scripts might require some slight modifications (I would be happy to help provide a toolkit to do that for backwards compatibility).

On 9/11/06, Darrick Hartman <..hidden..> wrote:
Chris Travers wrote:
>
>
>     BTW, the terminal problem is still an issue. bin/xterm doesn't exist,
>     and when I try to run any of the scripts from the terminal, it tries
>     to include these. Is this a dumb user problem or is terminal broken in
>     LedgerSMB and/or SL?
>
>
> In 2.4.x bin/xterm was basically a symlink to bin/lynx
>
> The fact that it is not there in 2.6 is an indication that nobody uses
> it.  Which is a good thing as far as the security issue is concerned.
>
Does removal of the terminal code mean that running one of the scripts
such as:

perl is.pl
"action="" won't
work in the future with ledgersmb?

I've been doing something similar to initiate backups of sql-ledger for
a long time.

Darrick

--
Darrick Hartman
DJH Solutions, LLC
http://www.djhsolutions.com

_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel