Bugtraq mailing list archives
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
From: Mike Ely <me () taupehat com>
Date: Tue, 13 Aug 2013 09:52:45 -0700
Seems to me we have two positions that aren't that far apart but due to various reasons the conversation has devolved into something less worthy of a public discussion than most of what I see on Bugtraq. FWIW I'm in the camp of "ship the software with secure defaults" but at the same time I agree that Reindl makes a valid point when he asks what exactly one means by "secure" (even if I don't agree with his reasoning in this case). That said, the conversation has really taken an ugly turn, and I am humbly and only speaking for myself requesting that all concerned take some time to cool off, go for a walk (down to the pub if that helps), and come back with a focus more on the technical question at hand rather than the emotional response that has been rising to the top. Thanks, Mike
Current thread:
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure, (continued)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jeffrey Walton (Aug 12)
- Message not available
- Message not available
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure coderaptor (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure coderaptor (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure terry white (Aug 13)
- Message not available
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Chris Meisinger (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Jorge Dorantes (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure James Birk (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Mike Ely (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Matthew Caron (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Stefan Kanthak (Aug 13)
- Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Reindl Harald (Aug 13)