Bugtraq mailing list archives
Mandrake 5.3/7.0, RedHat 5.2/5.3/6.0 + Apache BUG
From: "Kasatenko Ivan Alex." <skywriter () RNC RU>
Date: Mon, 31 Jul 2000 02:43:12 +0400
Lately my users helped me (in a way they call this ``hacking'' :) to discover one unpleasant feature: a home catalog of ``nobody'' user is "/" on most Mandrake's and RedHat's (any others?) I've seen, and with such a setting in the httpd.conf (I assume this is typical?)...

# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is recieved.
UserDir ./

... any user may go to, for example, http://www.malconfigured-host.com/~nobody/etc/ and get a list of files in the /etc catalog. I assume this is a hole.

Sincerely,
Ivan
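
An audit check for the setting described in the message above, as an added example that is not part of the original post: it resolves the directory a relative UserDir would serve for each account and flags any that land outside real user homes. The passwd and httpd.conf samples are constructed, and SAFE_PREFIXES (homes live under /home) is an assumption; only relative UserDir values and the bare "disabled" keyword are handled.

```python
import posixpath

# Constructed sample data (not taken from the original post).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:
ftp:x:14:50:FTP User:/home/ftp:
alice:x:500:500:Alice:/home/alice:/bin/bash
"""
SAMPLE_HTTPD_CONF = """\
# UserDir: appended onto a user's home directory for ~user requests.
UserDir ./
"""
SAFE_PREFIXES = ("/home/",)  # assumption: real user homes live under /home


def userdir_value(conf_text):
    """Return the argument of the last active UserDir directive, or None."""
    value = None
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        # Commented lines start with '#', so parts[0] never equals 'userdir'.
        if len(parts) == 2 and parts[0].lower() == "userdir":
            value = parts[1].strip()
    return value


def exposed_roots(passwd_text, conf_text, safe_prefixes=SAFE_PREFIXES):
    """Return {user: served_directory} for every ~user whose home joined
    with a relative UserDir falls outside the safe prefixes."""
    userdir = userdir_value(conf_text)
    if userdir is None or userdir.lower() == "disabled":
        return {}
    if userdir.startswith("/") or "*" in userdir:
        raise ValueError("only relative UserDir values are handled here")
    findings = {}
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if entry.startswith("#") or len(fields) < 7:
            continue
        user, home = fields[0], fields[5]
        served = posixpath.normpath(posixpath.join(home or "/", userdir))
        if not (served + "/").startswith(safe_prefixes):
            findings[user] = served
    return findings


if __name__ == "__main__":
    hits = exposed_roots(SAMPLE_PASSWD, SAMPLE_HTTPD_CONF)
    for user, path in sorted(hits.items()):
        print(f"~{user} -> {path}")
```

Any account reported with "/" as its served directory is the case the message describes; giving such accounts a non-root home or a UserDir value that names a dedicated subdirectory removes the finding.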