Vulnerability Development mailing list archives

Re: CGI source being exposed using "~"


From: 11a () GMX NET (Bluefish)
Date: Wed, 10 May 2000 00:50:13 +0200


Nathan if the CGIs in that directory are owned by "root", then being able to

It would be the first case I ever heard of someone using root for
webmastering, but I suppose there's all kinds of stupidity ;)

Had they bothered to set a good umask in their start-up scripts, like 'umask
066', then the existence of those backup files would not be a real problem.

How about looking into proxy logs etc.? It seems fairly possible that these
vulnerabilities could have been uncovered and exploited without the
existence of these backup files?

CGI is a pain in the neck to make even semi-secure ;-)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
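
The umask point in the message above, as an added example that is not part of the original post: a shell audit that lists "name~" backup files readable by accounts other than their owner, run against a constructed temporary cgi-bin. The function names `find_exposed_backups` and `demo_umask` and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find editor backup files ("name~") under a web root that
# are readable by group or other, i.e. by the web server account when it
# is not the file owner. Helper names are hypothetical.

# Print every "*~" regular file under $1 with group or world read set.
find_exposed_backups() {
    find "$1" -type f -name '*~' \( -perm -040 -o -perm -004 \) -print
}

# Constructed sample: create one backup file under umask 022 and one
# under umask 066, then report which of them the audit flags.
demo_umask() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/cgi-bin"
    # 0666 & ~022 = 0644: readable by everyone
    ( umask 022; echo '#!/bin/sh' > "$dir/cgi-bin/loose.cgi~" )
    # 0666 & ~066 = 0600: readable by the owner only
    ( umask 066; echo '#!/bin/sh' > "$dir/cgi-bin/tight.cgi~" )
    # Strip the temporary prefix so the output is stable
    find_exposed_backups "$dir" | sed "s|^$dir/||"
    rm -rf "$dir"
}

demo_umask
```

Pointing `find_exposed_backups` at a real document root gives the list of backup files whose mode should be tightened or which should be removed.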

