Vulnerability Development mailing list archives

(no subject)


From: sgp () TELSATGP COM PL (Slawek)
Date: Fri, 7 Jul 2000 12:26:24 +0200


Hi,

If user's home dir is flagged 0700 (or 750 or etc - so "world" cannot get
there) then you'd get code 403.

On multiuser boxes such flags for homedirs are rather common.

User has to set o+x if he wants to create public_html. But in that situation
we'll probably get result code 200 when trying to retrieve
http://somehost/~userinquestion/ ;)

Hopefully Apache has an option to map all 403 result codes to 404.

Bye,
Slawek

----- Original Message -----
From: "3APA3A" <3APA3A () SECURITY NNOV RU>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, July 06, 2000 3:14 PM
Subject: [VULN-DEV]

Hello The Incubus,

05.07.2000 21:03, you wrote: ;

T> When we do www.redhatserver.com/~validlogin we get a 403, when we try with
T> another login (which is not valid) we get a 404.

This only depends on existence of public_html directory in user's
home. If user has no public_html you will also get 404. Using of
User's dir is configurable. By default
 UserDir public_html
is in srm.conf

/3APA3A
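
An added example, not part of either post: a local audit that models the status codes as the thread describes them (403 for a home directory without o+x, 404 for no account or no public_html, 200 otherwise) and lists the accounts whose response would differ from a nonexistent user's. The function names, the sample users and the `mask_403` switch (standing in for the 403-to-404 mapping hoped for above) are assumptions.

```python
import os
import stat
import tempfile

def predicted_status(home, userdir="public_html"):
    """Status the thread predicts for GET /~user/, from filesystem state alone."""
    if home is None or not os.path.isdir(home):
        return 404                      # no such account
    if not os.stat(home).st_mode & stat.S_IXOTH:
        return 403                      # home not traversable by "world" (0700, 0750)
    if not os.path.isdir(os.path.join(home, userdir)):
        return 404                      # valid account, but no public_html
    return 200                          # o+x set and public_html present

def enumerable(homes, mask_403=False):
    """Accounts whose predicted response differs from a nonexistent user's 404."""
    found = []
    for user, home in sorted(homes.items()):
        code = predicted_status(home)
        if mask_403 and code == 403:
            code = 404                  # assumed server-side mapping of 403 to 404
        if code != 404:
            found.append((user, code))
    return found

def build_sample(root):
    """Constructed sample: three homes matching the cases in the thread."""
    homes = {}
    for user, mode, web in [("alice", 0o700, False),
                            ("bob", 0o711, True),
                            ("carol", 0o711, False)]:
        home = os.path.join(root, user)
        os.mkdir(home)
        if web:
            os.mkdir(os.path.join(home, "public_html"))
        os.chmod(home, mode)            # set last so the mode is exact
        homes[user] = home
    homes["nosuchuser"] = None          # login that does not exist
    return homes

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        homes = build_sample(root)
        print("distinguishable:", enumerable(homes))
        print("with 403 masked:", enumerable(homes, mask_403=True))
```

In this model, masking 403 leaves only accounts that actually publish a public_html distinguishable, which is the 200 case Slawek points out.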


