Date: Sat, 9 Sep 2000 17:24:40 +0100 From: Ben Smithurst <ben@FreeBSD.org> To: Simakin Alexandr <simakin@inbox.ru> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: CGI-scripts security Message-ID: <20000909172440.B77593@strontium.scientia.demon.co.uk> In-Reply-To: <E13XmXc-000Ljj-00@hearst.mail.ru> References: <E13XmXc-000Ljj-00@hearst.mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Simakin Alexandr wrote: > CGIWrap is cool, but if you have such files: > -rw-r--r-- 1 root wheel 1067 Sep 9 17:28 /etc/passwd > you can read this file even when CGIWrap installed, > find users with SU rights, lunch password finder utility > and so on. Have you actually LOOKED at /etc/passwd? Go count the number of actual passwords it contains. -- Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000909172440.B77593>