Home page logo
/

basics logo Security Basics mailing list archives

some permission problem?
From: "SB CH" <chulmin2 () hotmail com>
Date: Tue, 06 May 2003 07:29:11 +0000

Hello, all. I found that some malicious man browsed /etc/passwd file by httpd. So I would like to block to see /etc/passwd file by nobody(http user) permission. but as you know, any shell logging users should have read permission. So, is there any method to enable this? I think that only one method that all users are some group member except nobody. and only group members can read the /etc/passwd file, right? but this work is so so hard at my system. Also, I saw that some commercial host baed ips can do this. any patch is available?

Thanks in advance and sorry for poor english.

_________________________________________________________________
책상위에 다리 올리고 느긋하게 즐긴다... MSN 온라인 상영관 http://vod.msn.co.kr

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]