Reply to post: evil injection

Until last week, you could pwn KDE Linux desktop with a USB stick

Chris Gray 1

evil injection

For web servers, one of the big security problems for quite a few years has been SQL injection attacks. We solved those quickly, right? Right? Anyone?

So, for Unix-based boxes, script injection attacks will be solved just as quickly. Sigh.

Both work the same way - stuff that should not be trusted is blindly stuffed into command strings, and the command strings are then parsed and run with whatever privileges they "need". It's just plain a bad idea.

Do Windows servers have similar problems, or does Microsoft shipping huge binary blobs actually help with this?
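The pattern the comment describes, as an added example that is not part of the original comment or taken from any project's code: the same untrusted string handled once by pasting it into a command string and once by passing it as an argument. The label value and the function names `announce_unsafe`, `announce_safe` and `label_is_plain` are assumptions made up for illustration.

```shell
#!/bin/sh
# Constructed sample input: a removable-volume label that contains a
# command substitution. The embedded command is a harmless echo.
SAMPLE_LABEL='backup$(echo INJECTED)'

# Unsafe: the label is interpolated into a command string, and a second
# shell then parses that string, so the label is treated as code.
announce_unsafe() {
    sh -c "printf '%s\n' \"Mounted: $1\""
}

# Safe: the command string is a fixed constant; the label travels as a
# positional argument and is only ever expanded as data.
announce_safe() {
    sh -c 'printf "%s\n" "Mounted: $1"' sh "$1"
}

# Defence in depth: accept only labels made of a conservative character
# set, so anything carrying shell metacharacters is rejected up front.
label_is_plain() {
    case $1 in
        '') return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

echo "unsafe: $(announce_unsafe "$SAMPLE_LABEL")"
echo "safe:   $(announce_safe "$SAMPLE_LABEL")"
if label_is_plain "$SAMPLE_LABEL"; then
    echo "check:  label accepted"
else
    echo "check:  label rejected (contains characters outside the allow-list)"
fi
```

The unsafe call prints the label with the substitution already executed; the safe call prints the label byte for byte.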
