Bugtraq mailing list archives
Re: HTTPD bug
From: carson () lehman com (carson () lehman com)
Date: Mon, 17 Apr 1995 13:18:08 -0400
"Martin" == Martin J Hargreaves <ch11mh () surrey ac uk> writes:
Martin> I don't think this has been brought up on bugtraq yet, if it Martin> has sorry. This is from Linux-security, posted by "Mr Pink Martin> (vince () dallas demon co uk) apologies to Mr. Pink for my instant Martin> repost. Martin> On Sun, 16 Apr 1995, Mr Pink wrote:
It allows you to create a directory in a users home dir that can be accessed via mosaic/netscape. well the bad bit of news is, if you sym link this dir to root (/), file ownership becomes non existent. i was easily able to read the shadow passwd file!
The easy fix is to run the daemon as nobody (which is what I do). chroot'ing will also take care of this sort of problem. -- Carson Gaspar -- carson () cs columbia edu carson () lehman com <This is the boring business .sig - no outre sayings here>
Current thread:
- Re: HTTPD bug Mr Martin J Hargreaves (Apr 16)
- Re: HTTPD bug Darren Reed (Apr 16)
- Re: HTTPD bug Baba Z Buehler (Apr 17)
- Re: HTTPD bug Mr Martin J Hargreaves (Apr 17)
- Re: HTTPD bug Joe Konczal (Apr 18)
- Re: HTTPD bug Mr Martin J Hargreaves (Apr 17)
- Re: HTTPD bug carson () lehman com (Apr 17)
- Re: HTTPD bug Tom Fitzgerald (Apr 17)