[TYPO3-core] RFC #12547: Bug: Default paths for Windows are not properly defined
Martin Kutschker
masi-no at spam-typo3.org
Fri Nov 20 10:13:19 CET 2009
Steffen Ritter schrieb:
> Martin Kutschker schrieb:
>> We could use the "Path" environment variable, but I think that this
>> might be used for an attack.
>
> how?
By sneaking a modified ENV into the system and by supplying an evil binary on the system.
I have read that trusting ENV is evil when it comes to security.
Masi
More information about the TYPO3-team-core
mailing list