[Chameleon-dev] [Bug 177] New: [wmsparse] security issue with wmsparse and IIS
Mon, 12 Jan 2004 08:51:50 -0500

           Summary: [wmsparse] security issue with wmsparse and IIS
           Product: Chameleon
           Version: 1.1
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: major
          Priority: P1
         Component: Core

(reported by Susan Holland-Hibbert on chameleon-users)

The wmsparse utility is executed via a 'system' or 'exec' call in PHP to parse
WMS capabilities into DBF files.  There is a security issue with this on Windows
when running IIS, the IIS user is required to have execute privileges on cmd.exe
in order to satisfy the system request.

Suggested solutions:

1. recode wmsparse as a cgi

2. recode wmsparse as a php module

Which option should we take?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

This archive was generated by Pipermail.