Hi! Steve Rudd with more "disconsolate mumbling" (great term g)
So if I did publish a user name and password (not that I would) that had
pop 3 and ftp access with no shell access and was restricted to public html
directories, is that a risk to the rest of the system? A standard public
box has

On Fri, Feb 23, 2001 at 09:57:30AM -0500, Steve Rudd wrote:
Hi! Steve Rudd with more "disconsolate mumbling" (great term g)
So if I did publish a user name and password (not that I would) that had
pop 3 and ftp access with no shell access and was restricted to public html
directories, is

Peter Cords said:
If you allow execution of
CGI programs from public_html, then users will be able to execute code
(probably under their UID). Then you have to secure your machine against
local exploits. Obviously, you should do this anyway, but if crackers can
run arbitrary code (as a

Yes. Normal users (such as the www-data user that will execute the
cgi script) can open ports above 1024 and run whatever they want.
You could do neat tricks like giving each user their own apache
daemon and documentroot and everything, and using an apache or
squid proxy to let the outside

On Fri, Feb 23, 2001 at 12:12:39PM -0500, Steve Rudd wrote:
Peter Cords said:
[...]
Note that if you allow execution of arbitrary CGI programs, the CGI program
could do anything, including start a shell listening on a TCP port, or even
sshd, for someone to connect to. Allowing