Vulnerability Development mailing list archives
Emacs backup files in cgi-bin
From: dphull () UKANS EDU (Dave Hull)
Date: Tue, 9 May 2000 21:40:48 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Initially when I tried this I thought that one of our local systems was vulnerable. However, it turns out that I had permissions set incorrectly on my local cgi-bin directory. By setting permissions to 700 even backup copies in the cgi-bin directory are unreadable. However, on systems which use php this is something which should be dealt with in the httpd.conf as php files must be set to rwxr-xr-x, hence backup copies with a tilde appended to them are readable, at least on my configuration they were. I have since corrected the problem by modifying httpd.conf. Dave Hull, Senior Information Technology Analyst LAN Support Services, University of Kansas gpg-> http://insipid.cc.ukans.edu/dphull/pubkey.html -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBORjMLxTf9Weyc+/pEQJxMACgvpcIAehJ70gHaUemJDqADMxTC1UAoOwE mtxclqIfcS0uOy4yBb+Gh9cN =3xwj -----END PGP SIGNATURE-----
Current thread:
- Emacs backup files in cgi-bin Dave Hull (May 09)