Server-jacking exploits for ImageMagick are so trivial, you'll scream


Re: @AC ...That's the unix way of doing things..

>>"Before you bash Linux/Unix... Looking at the exploit, unless you run ImageMagick as root, you're limiting the potential damage."

If something runs as the webserver (ImageMagick is a library compiled into PHP amongst other things), then that's quite enough damage, thanks. Being able to connect to the site's database and run arbitrary commands, scan the entire webroot, and even (though this should normally be blocked by other measures) potentially write to it is not something that should be described as "Limited" without context.
