Huge exploit found in 2.7
Ok, I have downloaded the 2.7. Awesome pdf thing, it remembers the zoom between pages, and this is already better than standard xpdf, nice icons, blah blah blah. Ah and yes, I got to execute a ls > /opt/content/books/a.txt command. But on the other hand the remote Xserver approach seems promising. So what do I do? Wait for a crack via Xserver to be done? Do I explain how I did the ls so you people can try to run shell scripts via similar methods, risking to be patched in the security fix? Personally I think that any Xserver exploit will be patched in the future, because it is a real internet security issue.
|