Emergency patch for http://bugs.cacert.org/view.php?id=1070
This issue is deemed to require emergency fixing since leaving it unpatched would allow an attacker to execute arbitrary shell commands as the web server user inside the chroot (note 003056 in the above bug).
parent 5280d57c36
commit a145c99dbb
1 changed files with 2 additions and 1 deletions
|
@ -215,7 +215,8 @@
|
|||
|
||||
//echo "Points due to name matches: $points<br/>";
|
||||
|
||||
$do = `grep '$pwd' /usr/share/dict/american-english`;
|
||||
$shellpwd = escapeshellarg($pwd);
|
||||
$do = `grep $shellpwd /usr/share/dict/american-english`;
|
||||
if($do)
|
||||
$points--;
|
||||
|
||||
|
|
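Review bot: On the new `grep $shellpwd /usr/share/dict/american-english` line, escapeshellarg() keeps the shell from interpreting the password, but grep still parses the value itself: it is treated as a regular expression, and a value starting with `-` is read as an option. Suggest `grep -F -- $shellpwd /usr/share/dict/american-english` so the password is matched as a fixed string and option parsing ends before it, or dropping the backticks and searching the dictionary file from PHP directly. An empty $pwd would also match every line and always decrement $points, so a non-empty check before the call is worth adding unless earlier code already guarantees it.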