Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: HTTPD bug
From: fitz () wang com (Tom Fitzgerald)
Date: Mon, 17 Apr 95 22:01:21 EDT


It allows you to create a directory in a users home dir that can be
accessed via mosaic/netscape.  well the bad bit of news is, if you sym
link this dir to root (/), file ownership becomes non existent.

i was easily able to read the shadow passwd file!

The easy fix is to run the daemon as nobody (which is what I do).
chroot'ing will also take care of this sort of problem.

I do this too (both chrooting and running as a user with no privs) but it
isn't a complete fix.  Users can still read the passwordfiles in the WWW
tree that contain the passwords used to get at restricted documents.  Users
can also read the httpd configuration files and the sources for CGI
scripts, which might be a problem on some systems.

The only real fix is to avoid following symlinks.  This requires a code
change to the CERN httpd, which doesn't have a config-file option for this.

-- 
Tom Fitzgerald    1-508-967-5278    Wang Labs, Lowell MA, USA    fitz () wang com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]