Re: [users@httpd] RE:[users@httpd] how to prevent an executing from /tmp

nocturnal Fri, 02 Jun 2006 03:52:18 -0700

Hi

Will this break file uploads using web forms?




Med vänliga hälsningar

Stefan Midjich aka nocturnal
[Swehack] http://swehack.se


[EMAIL PROTECTED] wrote:

Hi!

Someone often uploads files to /tmp and then executing in on the server withwebserver user priveleges. How to prevent it?

Thanks,
G.


One possibility is this:

<Location /tmp >
  <Limit GET HEAD POST>
    Order Deny,Allow
#    Deny from All
    Allow from All
  </Limit>
  <LimitExcept GET HEAD POST>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
  </LimitExcept>
</Location>

The only one which can make than e.g. PUT /tmp/badcode.htm is than one from localost.


Greets

Oliver


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




------------------------------------------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [users@httpd] RE:[users@httpd] how to prevent an executing from /tmp

Reply via email to