Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

[panzer () dhp com (Panzer Boy)]

Perry E. Metzger (perry () piermont com) wrote:
: > I want to check my linux and my ISP's FreeBSD. Bugtraq is FULL
: > DISCLOSURE !! So, please post source/ scripts now !
: I don't see that you need an exploit script to check this. Simply
: checking your implementation of syslog(3) is enough. If you can't read
: C source code, well, sorry.

Originally when this came out, no one even had a test to see if your were
attackable.  It did show up shortly after that, though I'm not sure if I
actually saw it on bugtraq or elsewhere.

And most people can't legally check to see if there syslog is attackable
by reading source code, as many vendors don't give you source code.
Please don't reply with the "so don't buy those vendors code", because
bugtraq isn't about religous warfare over OS's and which Editor is better.

OB BugTraq, does a user making a "~/public_html/root_dir -> /" link do
what you think it does on your web server?  Maybe this isn't a hot
idea...  Even worse if you nfs mount users pages via a web server that
does other tasks also...

Try adding this to "access.conf" on apache 0.8.11 or ncsa 1.4 (not sure
about how CERN handles this).  "SymLinksIfOwnerMatch" is only vaguely
documented.

<Directory /*/public_html*>
AllowOverride None
Options Indexes SymLinksIfOwnerMatch
</Directory>

--
 -Matt     (panzer () dhp com)                         DI-1-9026
 "That which can never be enforced should not be prohibited."