Bugtraq mailing list archives
Re: HTTPD bug
From: fitz () wang com (Tom Fitzgerald)
Date: Mon, 17 Apr 95 22:01:21 EDT
It allows you to create a directory in a users home dir that can be accessed via mosaic/netscape. well the bad bit of news is, if you sym link this dir to root (/), file ownership becomes non existent. i was easily able to read the shadow passwd file!
The easy fix is to run the daemon as nobody (which is what I do). chroot'ing will also take care of this sort of problem.
I do this too (both chrooting and running as a user with no privs) but it isn't a complete fix. Users can still read the passwordfiles in the WWW tree that contain the passwords used to get at restricted documents. Users can also read the httpd configuration files and the sources for CGI scripts, which might be a problem on some systems. The only real fix is to avoid following symlinks. This requires a code change to the CERN httpd, which doesn't have a config-file option for this. -- Tom Fitzgerald 1-508-967-5278 Wang Labs, Lowell MA, USA fitz () wang com
Current thread:
- Re: HTTPD bug Mr Martin J Hargreaves (Apr 16)
- Re: HTTPD bug Darren Reed (Apr 16)
- Re: HTTPD bug Baba Z Buehler (Apr 17)
- Re: HTTPD bug Mr Martin J Hargreaves (Apr 17)
- Re: HTTPD bug Joe Konczal (Apr 18)
- Re: HTTPD bug Mr Martin J Hargreaves (Apr 17)
- Re: HTTPD bug carson () lehman com (Apr 17)
- Re: HTTPD bug Tom Fitzgerald (Apr 17)