Vulnerability Development mailing list archives
(no subject)
From: sgp () TELSATGP COM PL (Slawek)
Date: Fri, 7 Jul 2000 12:26:24 +0200
Hi, If user's home dir is flagged 0700 (or 750 or etc - so "world" cannot get there) that you'd get code 403. On multiuser boxes such flags for homedirs are rather common. User has to set o+x if he wants to create public_html. But in that situation we'll probably get result code 200 when trying to retrieve http://somehost/~userinquestion/ ;) Hopefully Apache has an option to map all 403 result codes to 404. Bye, Slawek ----- Original Message ----- From: "3APA3A" <3APA3A () SECURITY NNOV RU> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Thursday, July 06, 2000 3:14 PM Subject: [VULN-DEV]
Hello The Incubus, 05.07.2000 21:03, you wrote: ; T> When we do www.redhatserver.com/~validlogin we get a 403, when we try
with
T> another login (which is not valid) we get a 404. This only depends on existance of public_html directory in user's home. If user has no public_html you will also get 404. Using of User's dir is configurable. By default UserDir public_html is in srm.conf /3APA3A
Current thread:
- Re: BitchX /ignore bug, (continued)
- Re: BitchX /ignore bug Ryan Yagatich (Jul 05)
- Re: BitchX /ignore bug Firstname Lastname (Jul 04)
- Re: Maximum Linux Security (d/l) rompa (Jul 10)
- Re: Default passwords er (Jul 04)
- Re: Default passwords Ex Machina (Jul 05)
- Re: Default passwords Rodrigo Barbosa (Jul 05)
- Re: Default passwords M J (Jul 05)
- (no subject) The Incubus (Jul 05)
- (no subject) Chris A. Mattingly (Jul 05)
- (no subject) 3APA3A (Jul 06)
- (no subject) Slawek (Jul 07)
- Re: apache and 404/404 status codes Shelagh Pepper (Jul 07)
- Re: apache and 404/404 status codes Mikael Olsson (Jul 07)
- Re: apache and 404/404 status codes tgs (Jul 07)
- 3-Com LanPlex 6000 Password Removal Ben Kruger (Jul 07)
- Re: apache and 404/404 status codes Bluefish (Jul 08)
- Re: apache and 404/404 status codes Slawek (Jul 08)
- Re: apache and 404/404 status codes Vincent Zweije (Jul 08)
- Re: your mail Bluefish (Jul 07)
- Finding default passwords (fascinating, simple and fun!) Eric Knight (Jul 04)
- Default passwords using Cisco ConfigMaker Runar Jensen (Jul 05)