On Mon, Sep 30, 2002 at 10:31:51PM -0500, [EMAIL PROTECTED] wrote:
: 
: Here's more, from another security site (sounds ominous):
: 
: REFERENCE:      
: http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3324
: # Each directory in the filesystem can contain a hidden object,
: # ".DS_Store" containing data which includes a list of files stored
: # there. This object is created when a local user views a given
: # directory using the Finder.
: # A remote attacker may read this directory content information by 
: # submitting a URL to the vulnerable host's web service of the following 
: # form: http://www.example.com/target_directory/.DS_store.
: # This information could provide an attacker with sensitive information 
: # including system configuration, installed applications, etc. Properly 
: # exploited, this information could allow an attacker to further 
: # compromise the security of the host.
: # SAFER
: # Temporary workaround is to disallow remote access to .DS_store files. 
: # We are not aware of any vendor-supplied solutions for this issue.

This is not a problem for a well-tuned Apache server.  The best fix is
to completely disallow dot-files from being served.


-- 
Eugene Lee
[EMAIL PROTECTED]
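
One way to apply the fix described in the reply above, as an added example that is not part of the original message: an Apache httpd configuration fragment that refuses every request for a dot-file or for anything inside a dot-directory. It assumes Apache 2.4 syntax (`Require all denied`); the older equivalent is noted in the comments.

```apache
# Added example (not from the original thread). Assumes Apache httpd 2.4.
# Place in the main server config or inside the relevant <VirtualHost>.

# Narrow form, shown for contrast: blocks one exact filename only.
# It misses other dot-files and depends on the spelling of the name,
# e.g. the ".DS_store" variant used in the quoted advisory URL.
#
#   <Files ".DS_Store">
#       Require all denied
#   </Files>

# Broad form: deny any file whose name starts with a dot
# (.DS_Store, .htaccess, .htpasswd, editor and VCS droppings).
# Keying on the leading dot avoids depending on filename case.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# FilesMatch tests only the final filename, so also deny everything
# that lives inside a dot-directory (e.g. .git/, .svn/).
# Assumption: the document root itself is not under a dot-directory.
<DirectoryMatch "/\.[^/]+(/|$)">
    Require all denied
</DirectoryMatch>

# Apache 1.3 / 2.0 / 2.2 equivalent of "Require all denied":
#     Order allow,deny
#     Deny from all
```

After a reload, a request for `.DS_Store` in any served directory should return 403 Forbidden. If the site depends on a path such as `/.well-known/`, add an explicit exception for it.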
