WebApp Sec: Re: htaccess with apache

Re: htaccess with apache

From: António Vasconcelos <vasco_at_all-2-it.com>
Date: Wed, 05 Nov 2003 13:22:14 +0000

Tim Greer wrote:

>>MORE IMPORTANTLY,
>>/etc/passwd shouldn't be readable by the CGI server!
>
>Sure it should be! The default permissions (that are safe too) are 644
>for this file. Are you thinking of shadow or master.passwd???

It shouldn't...
There is no need for nobody/nobody to read the /etc/passwd file. Of course
the passwords are in /etc/shadow, but I see no reason to show
everyone (or nobody in this case, hehehe) the list of users and their shells.
Yes, the default permissions will allow user nobody to do just that;
that's why there are Unixes where you can set up extended permissions for
any file.

-- 
António Vasconcelos
(Systems Administrator)
ALL2IT-Infocomunicações, SA
Torre de Monsanto, 6º Piso
Miraflores, Algés
PORTUGAL
Telf.: + 351 21 412 39 50
Fax.: + 351 21 410 51 94
Received on Nov 05 2003
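
The following is an added example, not part of the original post. Assuming the "extended permissions" mentioned in the message are POSIX ACLs, it models the read check described in acl(5) to show that mode 644 alone lets `nobody` read a file while a named-user entry denies that one account and leaves other users unaffected. The ACL text, the `root` owner and the user names are constructed sample data.

```python
# Added example: simplified POSIX ACL read check (algorithm from acl(5)).
# ACL text, owner and user names are constructed sample data.
MODE_644 = "user::rw-\ngroup::r--\nother::r--"
WITH_DENY = "user::rw-\nuser:nobody:---\ngroup::r--\nmask::r--\nother::r--"

def parse_acl(text):
    """Parse getfacl-style 'tag:qualifier:perms' lines into tuples."""
    entries = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, perms))
    return entries

def can_read(acl, user, groups, owner="root", owning_group="root"):
    """True if `user`, a member of `groups`, may read a file carrying `acl`."""
    def find(tag, qualifier=""):
        return next((p for t, q, p in acl if t == tag and q == qualifier), None)

    mask = find("mask")

    def masked(perms):
        # Named-user and group entries are capped by the mask when one exists.
        return "r" in perms and (mask is None or "r" in mask)

    if user == owner:
        return "r" in find("user")       # owner entry, never masked
    named = find("user", user)
    if named is not None:
        return masked(named)             # named-user entry beats group and other
    matched = [find("group")] if owning_group in groups else []
    matched += [p for t, q, p in acl if t == "group" and q and q in groups]
    if matched:
        return any(masked(p) for p in matched)
    return "r" in find("other")

def compare(user, groups):
    """Read access for `user` under plain mode 644 and with the deny entry."""
    return (can_read(parse_acl(MODE_644), user, groups),
            can_read(parse_acl(WITH_DENY), user, groups))

if __name__ == "__main__":
    print("nobody:", compare("nobody", {"nobody"}))   # CGI account
    print("alice: ", compare("alice", {"alice"}))     # ordinary user
```

On Linux such an entry is added with `setfacl -m u:nobody:---` and shown by `getfacl` in the format parsed here. Name lookups made by processes running as that account read the same file, so they can stop resolving once the entry is in place.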