Security Basics mailing list archives

Re: some permission problem?


From: Jeff Harris <jharris () rallycentral us>
Date: Wed, 7 May 2003 09:16:14 -0700 (PDT)


On Tue, 6 May 2003, Remington Winters wrote:

|Well, first off, by default, unless it is in the webroot folder, it can't be
|browsed to via the internet. So this sounds like an exploited service.
|What webserver are you running, and what is the environment like?
|
|----- Original Message -----
|From: "SB CH" <chulmin2 () hotmail com>
|To: <security-basics () securityfocus com>
|Sent: Tuesday, May 06, 2003 12:29 AM
|Subject: some permission problem?
|
|> Hello, all.
|>
|> I found that some malicious man browsed the /etc/passwd file via httpd.
|> So I would like to block reading of the /etc/passwd file by the nobody (http user)
|> permission.
|> but as you know, any shell logging users should have read permission.
|>
|> So, is there any method to enable this?
|>
|> I think the only method is that all users are members of some group except
|> nobody, and only group members can read the /etc/passwd file, right?
|> But this work is so hard on my system.

Check to make sure there aren't any links to / or /etc from anywhere that
is being served by httpd. Also, check to see if you're using
mod_auth_shadow or the like for authorization control. Make sure that your
httpd user can't login.

I believe that /etc/passwd is readable by everyone, but /etc/shadow is only
rw for root.

Jeff
-- 
Registered Linux user #304026.
"lynx -source http://jharris.rallycentral.us/jharris.asc | gpg --import"
or "gpg --keyserver pgp.mit.edu --recv-key B0890FED"
Key fingerprint = 52FC 20BD 025A 8C13 5FC6  68C6 9CF9 46C2 B089 0FED




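The two checks Jeff suggests (symlinks under the served tree that resolve outside it, and an httpd account that cannot log in) can be scripted. This is an added example, not code from anyone in the thread; it assumes GNU coreutils (`readlink -f`) and builds a constructed document root and passwd file under a temp directory so it runs without touching a real server.

```shell
#!/bin/sh
# Added audit helper (not from the original thread). Assumes GNU find/readlink.
# The document root and passwd file used below are constructed for demonstration.

# Print every symlink under $1 whose target resolves outside $1
# (e.g. a link from the webroot to / or /etc, which would expose /etc/passwd).
find_escaping_symlinks() {
    root=$(readlink -f "$1")
    find "$root" -type l 2>/dev/null | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        case "$target" in
            "$root"/*) ;;                                  # stays inside the docroot: fine
            *) printf '%s -> %s\n' "$link" "$target" ;;    # escapes the docroot: report it
        esac
    done
}

# Return 0 if user $2's login shell in passwd file $1 is nologin/false,
# i.e. the httpd account cannot be used for an interactive login.
user_cannot_login() {
    shell=$(awk -F: -v u="$2" '$1 == u { print $7 }' "$1")
    case "$shell" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo environment (not a real system): one dangerous symlink into
# /etc, one harmless symlink that stays inside the served tree.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/htdocs/images"
ln -s /etc "$DEMO/htdocs/cfg"                       # escapes the docroot
ln -s "$DEMO/htdocs/images" "$DEMO/htdocs/img"      # internal, fine
printf 'root:x:0:0:root:/root:/bin/bash\n'  >  "$DEMO/passwd"
printf 'nobody:x:99:99:nobody:/:/sbin/nologin\n' >> "$DEMO/passwd"
printf 'www:x:80:80:web:/var/www:/bin/sh\n'    >> "$DEMO/passwd"

echo "Symlinks escaping $DEMO/htdocs:"
find_escaping_symlinks "$DEMO/htdocs"
for u in nobody www; do
    if user_cannot_login "$DEMO/passwd" "$u"; then
        echo "$u: cannot log in (ok)"
    else
        echo "$u: has an interactive shell (review)"
    fi
done
```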
