Config file format - (Was: [ntp:hackers] FreeBSD serial ports)

Danny Mayer mayer at gis.net
Mon Feb 21 18:40:31 PST 2005


At 11:44 PM 2/20/2005, Harlan Stenn wrote:
>Please show me how *allowing* a URL to specify how the conf file gets 
>loaded is
>a hole.

you cannot imagine how ingenious hackers can get when they have
an opportunity. It's scary when you see it.

>All I'm saying is that I have seen many places where this capability would
>be a major win.

Please specify a few.

>   I'm not telling people to use it, and I'm not going to
>force anybody to use it.

That's not the point. The point is security and the few ways that it can
be broken into the better.

Danny

P.S. What's with all of the email addresses in the CC line? I got rid of them
as redundant.




More information about the hackers mailing list