Security Basics mailing list archives
Re: some permission problem?
From: Jason Burroughs <jdog1016 () hotpop com>
Date: Wed, 07 May 2003 23:11:04 -0400
That's true, but the real issue is not merely the fact that /etc/passwd can be accessed but the fact that *by default* (assuming apache), httpd will allow clients to arbitrarily walk through the entire filesystem and any file that httpd can read from is fair game for a client.

martincad () fibertel com ar wrote:
I think you don't have to worry if you use Shadow passwords. Do you use it?

----- Original Message -----
From: "SB CH" <chulmin2 () hotmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, May 06, 2003 4:29 AM
Subject: some permission problem?

Hello, all.

I found that some malicious man browsed /etc/passwd file by httpd. So I would like to block to see /etc/passwd file by nobody(http user) permission. But as you know, any shell logging users should have read permission. So, is there any method to enable this?

I think that only one method that all users are some group member except nobody, and only group members can read the /etc/passwd file, right? But this work is so so hard at my system. Also, I saw that some commercial host based IPS can do this. Any patch is available?

Thanks in advance and sorry for poor English.
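
The default-access behaviour described in the reply above is normally closed off with a default-deny `<Directory />` block. The following is an added example, not configuration posted by anyone in the thread, written in the Order/Deny syntax of the Apache 1.3/2.0 releases current in 2003; the DocumentRoot path `/var/www/html` is an assumption.

```apache
# Added example (not from the thread).
# Assumption: the site's DocumentRoot is /var/www/html; adjust to match.

# Weak starting point: with no <Directory /> restriction, any file that
# URL mapping can reach (through a symlink, Alias, UserDir, ...) and that
# the httpd user can read will be served.

# Hardened: deny the whole filesystem first ...
<Directory />
    # No symlink following, no indexes, no includes, no CGI
    Options None
    # Ignore .htaccess files so this policy cannot be overridden per directory
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

# ... then open only the content tree that is meant to be public.
<Directory /var/www/html>
    Options None
    AllowOverride None
    Order Allow,Deny
    Allow from all
</Directory>

# Apache 2.4 and later replace the Order/Allow/Deny lines with:
#   Require all denied     (inside <Directory />)
#   Require all granted    (inside the DocumentRoot block)
```

This only governs what httpd itself maps to a file and serves. A CGI program or script running as the httpd user can still open any file that user can read, so it needs to be restricted separately.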