[mythtv] mythvideo DB enhancement

Stuart Auchterlonie stuarta at squashedfrog.net
Thu Jan 10 15:57:44 UTC 2008



George Nassas wrote:
> On 10-Jan-08, at 2:31 AM, Stuart Auchterlonie wrote:
> 
>> However it's also a security issue.
>>
> 
> Could you summarize how a break would occur? I saw a post from Chris 
> that the code is clean but this thread is getting long and hard to follow.
> 

Firstly I'll say it's theoretical and unlikely, but the general theory
with these goes along the lines of the following.

Say your SG directory is /myth/rec/

If the code allows / then the attacker would request the file called

../../etc/passwd

which when you string it together becomes

/myth/rec/../../etc/passwd = /etc/passwd

which, as we are heading towards / have already HTTP access through the
backend, provides an attacker a nice easy way to get your passwd
file etc.

Like I said it's unlikely, but that's the general theory.
It would require a few other things to not work as intended before
this could actually be made to work, I suspect.


Stuart
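
Added example, not part of the original post and not MythTV code: a containment check of the kind that defeats the `/myth/rec/../../etc/passwd` case above by normalising the requested name before joining it to the storage group directory. The function name `resolveInStorageGroup` and the sample file names are assumptions made for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical helper: join a client-supplied relative name onto a storage
// group root; return "" if the name would resolve outside that root.
// Lexical only: symlinks inside the root are not resolved here.
std::string resolveInStorageGroup(const std::string &root,
                                  const std::string &requested)
{
    // Empty names, absolute names and embedded NULs are never valid requests.
    if (requested.empty() || requested[0] == '/' ||
        requested.find('\0') != std::string::npos)
        return "";

    std::vector<std::string> parts;
    std::istringstream in(requested);
    std::string part;
    while (std::getline(in, part, '/')) {
        if (part.empty() || part == ".")
            continue;                 // "a//b" and "a/./b" collapse
        if (part == "..") {
            if (parts.empty())
                return "";            // would climb above the root
            parts.pop_back();
            continue;
        }
        parts.push_back(part);
    }
    if (parts.empty())
        return "";                    // names the root itself, not a file

    std::string out = root;
    while (!out.empty() && out.back() == '/')
        out.pop_back();               // drop trailing slashes on the root
    for (const std::string &p : parts)
        out += "/" + p;
    return out;
}

int main()
{
    // Constructed sample requests against the SG directory from the post.
    const char *samples[] = {"1001_20080110.mpg", "shows/../1001_20080110.mpg",
                             "../../etc/passwd", "shows/../../etc/passwd"};
    for (const char *s : samples) {
        std::string r = resolveInStorageGroup("/myth/rec/", s);
        std::cout << s << " -> " << (r.empty() ? "REJECTED" : r) << "\n";
    }
}
```

Where symlinks may exist under the storage group directory, the joined path should also be canonicalised on disk and its prefix re-checked against the root before the file is opened.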

