On Thu, Feb 22, 2001 at 10:50:57PM -0500, Bob Bernstein wrote:
On Thu, 22 Feb 2001 13:43:55 -0500, Steve Rudd mumbled disconsolately:
Why I could even post them on my root page and taunt
hackers to try and break in with them! I could even offer a 1000 prize for
anyone who can crack
Hi! Steve Rudd with more disconsolate mumbling (great term g)
So if I did publish a user name and password (not that I would) that had
pop 3 and ftp access with no shell access and was restricted to public html
directories, is that a risk to the rest of the system? A standard public
box has
On Thursday, February 22, 2001, 8:09:36 PM, andre wrote:
I've used Macs as servers for fairly large numbers of people working for a
school district (K-12 districts aren't into *nixes much yet, at least mine
wasn't...). It ran WebSTAR (httpd), EIMS (mail), QuickDNS Pro, and
NetPresenz (ftpd). In
On Fri, Feb 23, 2001 at 09:57:30AM -0500, Steve Rudd wrote:
Hi! Steve Rudd with more disconsolate mumbling (great term g)
So if I did publish a user name and password (not that I would) that had
pop 3 and ftp access with no shell access and was restricted to public html
directories, is
Peter Cords said:
If you allow execution of
CGI programs from public_html, then users will be able to execute code
(probably under their UID). Then you have to secure your machine against
local exploits. Obviously, you should do this anyway, but if crackers can
run arbitrary code (as a
This rather disturbs me, since I depend on sudo far too much..
- Forwarded message from Gossi The Dog [EMAIL PROTECTED] -
Delivered-To: [EMAIL PROTECTED]
Approved-By: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Delivered-To: bugtraq@securityfocus.com
Date: Fri, 23 Feb 2001
Yes. Normal users (such as the www-data user that will execute the
CGI script) can open ports above 1024 and run whatever they want.
You could do neat tricks like giving each user their own Apache
daemon and documentroot and everything, and using an Apache or
Squid proxy to let the outside get
On Fri, Feb 23, 2001 at 12:12:39PM -0500, Steve Rudd wrote:
Peter Cords said:
[...]
Note that if you allow execution of arbitrary CGI programs, the CGI program
could do anything, including start a shell listening on a TCP port, or even
sshd, for someone to connect to. Allowing arbitrary