Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: HTTPD bug
From: avalon () coombs anu edu au (Darren Reed)
Date: Mon, 17 Apr 1995 13:05:11 +1000 (EST)


In some mail from Mr Martin J Hargreaves, they said:


      I don't think this has been brought up on bugtraq yet, if it has 
sorry. This is from Linux-security, posted by "Mr Pink 
(vince () dallas demon co uk) apologies to Mr. Pink for my instant repost.

On Sun, 16 Apr 1995, Mr Pink wrote:


Hello all,
i was browsing thru alt.2600, as you do, and spotted something of interest
it appears there is a problem with the CERN httpd.

It allows you to create a directory in a users home dir that can be 
accessed via mosaic/netscape.  well the bad bit of news is, if you sym link
this dir to root (/), file ownership becomes non existent.

i was easily able to read the shadow passwd file!

You can't save users or sys-admins from themselves, as this goes to show.

I started writing something up on httpd and security, quite a few months
ago, but never really had the time to get back to it (was playing with
CERN httpd 3.0pre6 at the time).  Did a bit of RTFS too which was hmmm...
interesting.  [http://www.arbld.unimelb.edu.au/~darrenr/httpd.ps if you're
really interested but the WWW sucks so...]
-------excert from my /etc/httpd.conf--------
UserDir         www
SecurityLevel   high
UserId          nobody
GroupId         nogroup
ParentUserId    nobody
ParentGroupId   nogroup
#
DirAccess       off
DirReadme       top
DirShowHidden   off
DirShowBytes    on
DirShowCase     on
DirShowMode     off
DirShowOwner    off
DirShowGroup    off
---------------------------------------------
Make sure all of those are set as above.  httpd is *NOT* meant to be run
as root, which is the *ONLY* way it will read your shadow passwd file unless
the file perms on it are stuffed anyway.

darren



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault