Security Basics mailing list archives

Re: some permission problem?


From: "Remington Winters" <fyreguy () rivetgeek com>
Date: Tue, 6 May 2003 13:10:04 -0700

Well, first off, by default, unless it is in the webroot folder, it can't be
browsed to via the internet.  So this sounds like an exploited service.
What webserver are you running, and what is the environment like?


----- Original Message -----
From: "SB CH" <chulmin2 () hotmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, May 06, 2003 12:29 AM
Subject: some permission problem?


Hello, all.

I found that some malicious man browsed the /etc/passwd file through httpd.
So I would like to block reading of the /etc/passwd file by the nobody (http
user) permission.
But as you know, any shell login users should have read permission.

So, is there any method to enable this?

I think the only method is that all users except nobody are members of some
group, and only group members can read the /etc/passwd file, right?
But this work is very hard on my system.

Also, I saw that some commercial host-based IPS can do this.

Is any patch available?


Thanks in advance and sorry for poor English.




--------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization of pertinent security tools. For a limited time you can enter for
a chance to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
--------------------------------------------------------------------------




