[mythtv] mythvideo DB enhancement
Stuart Auchterlonie
stuarta at squashedfrog.net
Thu Jan 10 15:57:44 UTC 2008
George Nassas wrote:
> On 10-Jan-08, at 2:31 AM, Stuart Auchterlonie wrote:
>
>> However it's also a security issue.
>>
>
> Could you summarize how a break would occur? I saw a post from Chris
> that the code is clean but this thread is getting long and hard to follow.
>
Firstly i'll say it's theoretical and unlikely, but the general theory
with these goes along the lines of the following.
Say your SG directory is /myth/rec/
if the code allows / then the attacker would request the file called
../../etc/passwd
which when you string it together becomes
/myth/rec/../../etc/passwd = /etc/passwd
which as we are heading towards/ have already http access through the
backend, this provides an attacker a nice easy way to get your passwd
file etc.
Like i said it's unlikely, but thats the general theory.
It would require a few other things to not work as intended before
this could actually be made to work i suspect.
Stuart
More information about the mythtv-dev
mailing list