Date: Wed, 22 Apr 1998 19:27:26 +0100 (BST) From: Scot Elliott <scot@online.barbour-index.co.uk> To: stable@FreeBSD.ORG Subject: Security stuff with sysinstall Message-ID: <Pine.BSF.3.96.980422192205.16307A-100000@tweetie.online.barbour-index.co.uk>
next in thread | raw e-mail | index | archive | help
Hi there. Just for information really... I just installed a 2.2.5-RELEASE version from CD. The web-counter package installs with the following permissions in /usr/local : drwxr-xr-x 3 nobody nogroup 512 Apr 22 16:57 www Of course, this means that if a CGI script is exploitable, it would be able to overwrite anything in my web hierachy. Same applies for /usr/local/www/cgi-bin. Bit of a mare. Was it supposed to be this way? Yours Scot. ----------------------------------------------------------------------------- Scot Elliott (scot@poptart.org) | Work: +44 (0)171 7046777 PGP fingerprint: FCAE9ED3A234FEB59F8C7F9DDD112D | Home: +44 (0)181 8961019 ----------------------------------------------------------------------------- Public key available by finger at: finger scot@poptart.org or at: http://www.poptart.org/pgpkey.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980422192205.16307A-100000>