SecurityFocus

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 12 2013 11:45PM
coderaptor (coderaptor gmail com) (2 replies)

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 12:29PM
Matthew Caron (Matt Caron redlion net)

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 07:55AM
Reindl Harald (h reindl thelounge net) (3 replies)

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 04:52PM
Mike Ely (me taupehat com)

Seems to me we have two positions that aren't that far apart but due to various reasons the conversation has devolved into something less worthy of a public discussion than most of what I see on Bugtraq. FWIW I'm in the camp of "ship the software with secure defaults" but at the same time I agree that Reindl makes a valid point when he asks what exactly one means by "secure" (even if I don't agree with his reasoning in this case).

That said, the conversation has really taken an ugly turn, and I am humbly and only speaking for myself requesting that all concerned take some time to cool off, go for a walk (down to the pub if that helps), and come back with a focus more on the technical question at hand rather than the emotional response that has been rising to the top.

Thanks,
Mike

[ reply ]

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 12:11PM
James Birk (jamesbirk gmail com)

Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure Aug 13 2013 11:37AM
terry white (twhite aniota com)