Home page logo
/

basics logo Security Basics mailing list archives

Re: some permission problem?
From: <martincad () fibertel com ar>
Date: Wed, 7 May 2003 18:34:03 -0300

I think you don't have to warry if you use Shadow passwords
Do you use it  ?

----- Original Message -----
From: "SB CH" <chulmin2 () hotmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, May 06, 2003 4:29 AM
Subject: some permission problem?


Hello, all.

I found that some malicious man browsed /etc/passwd file by httpd.
So I would like to block to see /etc/passwd file by nobody(http user)
permission.
but as you know, any shell logging users should have read permission.

So, is there any method to enable this?

I think that only one method that all users are some group member except
nobody. and only group members can  read the /etc/passwd file, right?
but this work is so so hard at my system.

Also, I saw that some commercial host baed ips can do this.

any patch is available?


Thanks in advance and sorry for poor english.


_________________________________________________________________
FastTrain has your solution for a great CISSP Boot Camp. The industry's
most
recognized corporate security certification track, provides a
comprehensive
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
--------------------------------------------------------------------------
--



---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]