On Monday, September 30, 2002, at 10:31 PM, [EMAIL PROTECTED] wrote: > Here's more, from another security site (sounds ominous): > > REFERENCE: > http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3324 > # Each directory in the filesystem can contain a hidden object, > ".DS_Store" containing data which includes a list of files stored > there. This object is created when a local user views a given directory > using the Finder. > # A remote attacker may read this directory content information by > submitting a URL to the vulnerable host's web service of the following > form: http://www.example.com/target_directory/.DS_store. > # This information could provide an attacker with sensitive information > including system configuration, installed applications, etc. Properly > exploited, this information could allow an attacker to further > compromise the security of the host. > SAFER > # Temporary workaround is to disallow remote access to .DS_store files. > We are not aware of any vendor-supplied solutions for this issue.
If you don't have Personal Web Sharing enabled in OS X (it's off unless you turned it on), then all of this is moot point. Plus.......... critical folders, such as anything with system config info, aren't even available to the web server unless you've modified the Apache config files manually. By default, the only directories available are each user's Sites folder, and a base folder for the web server itself. So, unless you've customized your web server config, this isn't a threat. And if you HAVE customized your web server enough for this to be a threat, you should know exactly how to eliminate the threat completely. -- G-Books is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- Check our web site for refurbished PowerBooks | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-Books list info: <http://lowendmac.com/lists/g-books.html> --> AOL users, remove "mailto:"; Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-books%40mail.maclaunch.com/> Using a Mac? Free email & more at Applelinks! http://www.applelinks.com
