Security Basics mailing list archives
Re: some permission problem?
From: "SB CH" <chulmin2 () hotmail com>
Date: Fri, 09 May 2003 12:57:02 +0000
Thanks again for all your kind answer.But there is another way like some other user's file include /etc/passwd, like dbconn.inc which contains a username and password of the db(like mysql. oracle...) in web hosting server.
As a matter of fact, anyone can read these files easily using fileopen() like perl or php function by web. Is there any method against this attack?
Thanks again. ----- Original Message ----- From: "SB CH" <chulmin2 () hotmail com> To: <security-basics () securityfocus com> Sent: Tuesday, May 06, 2003 12:29 AM Subject: some permission problem? > Hello, all. > > I found that some malicious man browsed /etc/passwd file by httpd. > So I would like to block to see /etc/passwd file by nobody(http user) > permission. > but as you know, any shell logging users should have read permission. > > So, is there any method to enable this? > > I think that only one method that all users are some group member except > nobody. and only group members can read the /etc/passwd file, right? > but this work is so so hard at my system. > > Also, I saw that some commercial host baed ips can do this. > > any patch is available? > > > Thanks in advance and sorry for poor english. > > > _________________________________________________________________ > 책상위에 다리 올리고 느긋하게 즐긴다... MSN 온라인 상영관 > http://vod.msn.co.kr > >> --------------------------------------------------------------------------
- > FastTrain has your solution for a great CISSP Boot Camp. The industry's most > recognized corporate security certification track, provides a comprehensive > prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization> of pertinent security tools. For a limited time you can enter for a chance
> to win one of the latest technological innovations, the SEGWAY HT. > Log onto http://www.securityfocus.com/FastTrain-security-basics> --------------------------------------------------------------------------
-- > ---------------------------------------------------------------------------FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensiveprospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ---------------------------------------------------------------------------- _________________________________________________________________고.. 감.. 도.. 사.. 랑.. 만.. 들.. 기.. MSN 러브 http://www.msn.co.kr/love/
---------------------------------------------------------------------------FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
Current thread:
- some permission problem? SB CH (May 06)
- Re: some permission problem? Remington Winters (May 07)
- Re: some permission problem? Jeff Harris (May 07)
- Re: some permission problem? martincad (May 07)
- Re: some permission problem? Jason Burroughs (May 08)
- Re: some permission problem? buzzdee (May 07)
- Re: some permission problem? Meritt James (May 07)
- Re: some permission problem? Jason Burroughs (May 07)
- Re: some permission problem? Barry Irwin (May 08)
- <Possible follow-ups>
- Re: some permission problem? SB CH (May 09)
- Re: some permission problem? Devdas Bhagat (May 12)
- Re: some permission problem? Remington Winters (May 07)