MapTools.org

[Chameleon-dev] [Bug 177] New: [wmsparse] security issue with wmsparse and IIS

bugzilla-daemon@www.maptools.org bugzilla-daemon@www.maptools.org
Mon, 12 Jan 2004 08:51:50 -0500
http://www.maptools.org/bugzilla/show_bug.cgi?id=177

           Summary: [wmsparse] security issue with wmsparse and IIS
           Product: Chameleon
           Version: 1.1
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: major
          Priority: P1
         Component: Core
        AssignedTo: chameleon-dev@lists.maptools.org
        ReportedBy: spencer@dmsolutions.ca


(reported by Susan Holland-Hibbert on chameleon-users)

The wmsparse utility is executed via a 'system' or 'exec' call in PHP to parse
WMS capabilities into DBF files.  There is a security issue with this on Windows
when running IIS, the IIS user is required to have execute privileges on cmd.exe
in order to satisfy the system request.

Suggested solutions:

1. recode wmsparse as a cgi

2. recode wmsparse as a php module

Which option should we take?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


This archive was generated by Pipermail.