
RE: [cobalt-security] RaQ2: Default user access/site permissions



Hi folks,

I have been waiting a week now... I'd like to hear any comments on this
workaround - if it is one? :-).

Thanks a lot,
Matthias

> -----Original Message-----
> From: Matthias Pigulla 
> Sent: Saturday, August 26, 2000 12:39 PM

> OK, I've been a bit off topic by now. Concerning our issue: What about
> setting the /home/siteX directories to httpd:siteX, chmod 2750, and all
> files below them to [user]:siteX and either 640/750 or 644/755 if they
> have to be httpd readable?
> 
> I think this would block "foreign" users from entering other customers'
> (yeah, sites = customers :) directories. The http daemon could get the
> directories for he owns them and does not need to be a siteX group member.
> The siteX's are granted access by the siteX group they belong to.
> Admin would have to be part of all site groups, and he already is.
> 
> I'm not sure whether this would open another hole - you MUST make sure
> that NOBODY (at least no untrusted user) is able to run processes as
> http, or he could take over the whole site directory. So you must wrap
> all CGI processes.
--

 w e b f a c t o r y   G m b H
   Matthias Pigulla <mp@xxxxxxxxxxxxx> - Geschaeftsfuehrer
   Lessingstr. 60 - D-53113 Bonn - Germany - www.webfactory.de
   Fon +49(0)228-9114455 - Fax +49(0)228-9114499 - ICQ 6394233
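The permission scheme proposed in the quoted message (site directory httpd:siteX with mode 2750, everything below it group siteX with 640/644 or 750/755) can be checked mechanically. The following audit script is an added example, not code from the thread or from Cobalt: it walks a site tree and reports every entry that deviates from that scheme. It assumes GNU stat(1) and find(1); the web server user and site group are passed as parameters, since the post only uses the placeholder names "httpd" and "siteX". The demo function builds a constructed tree under mktemp and, because chown needs root, substitutes the caller's own user and group for httpd and siteX.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a site tree against the
# permission scheme proposed above (directory httpd:siteX 2750, files
# [user]:siteX with 640/644 or 750/755). Assumes GNU stat(1) and find(1);
# HTTPD_USER and SITE_GROUP are parameters because only the placeholder
# names "httpd" and "siteX" appear in the post.

# audit_site_dir DIR HTTPD_USER SITE_GROUP
# Prints one line per violation; the last line printed is the violation count.
audit_site_dir() {
    dir=$1 httpd_user=$2 site_group=$3
    bad=0

    # Top-level directory: httpd owns it so the daemon can traverse it without
    # being in the site group; setgid (2xxx) makes new entries inherit siteX;
    # no world bits, so other customers cannot enter it.
    set -- $(stat -c '%a %U %G' "$dir")
    [ "$1" = 2750 ] || { echo "$dir: mode $1, expected 2750"; bad=$((bad + 1)); }
    [ "$2" = "$httpd_user" ] || { echo "$dir: owner $2, expected $httpd_user"; bad=$((bad + 1)); }
    [ "$3" = "$site_group" ] || { echo "$dir: group $3, expected $site_group"; bad=$((bad + 1)); }

    # Entries below: group must be the site group, and modes are limited to the
    # values from the post (nothing group- or world-writable).
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        set -- $(stat -c '%a %G %F' "$f")   # %F is "regular file" or "directory"
        mode=$1 group=$2 kind=$3
        [ "$group" = "$site_group" ] || { echo "$f: group $group, expected $site_group"; bad=$((bad + 1)); }
        case "$kind:$mode" in
            regular:640|regular:644|regular:750|regular:755) ;;
            directory:750|directory:755|directory:2750|directory:2755) ;;
            *) echo "$f: mode $mode not allowed for $kind"; bad=$((bad + 1)) ;;
        esac
    done <<EOF
$(find "$dir" -mindepth 1 \( -type f -o -type d \))
EOF
    echo "$bad"
}

# demo_audit: builds a constructed site tree under mktemp and audits it.
# Without root we cannot chown to httpd/siteX, so the caller's own user and
# group stand in for them; one file and one subdirectory are deliberately
# left world-writable so the audit has something to report.
demo_audit() {
    tmp=$(mktemp -d)
    site="$tmp/site1"
    mkdir -p "$site/cgi-bin" "$site/web/tmp"
    chmod 2750 "$site"
    chmod 750 "$site/cgi-bin"
    chmod 755 "$site/web"
    echo '<html></html>' > "$site/web/index.html"; chmod 644 "$site/web/index.html"
    echo '#!/bin/sh' > "$site/cgi-bin/form.cgi"; chmod 750 "$site/cgi-bin/form.cgi"
    echo 'secret' > "$site/web/config.inc"; chmod 666 "$site/web/config.inc"  # violation
    chmod 777 "$site/web/tmp"                                                  # violation
    audit_site_dir "$site" "$(id -un)" "$(id -gn)"
    rm -rf "$tmp"
}
```

Run against a real RaQ2 tree as `audit_site_dir /home/site1 httpd site1`. The script checks only the layout the post describes; it cannot catch the hole the post itself points out, namely that anything running as the httpd user owns the site directory and can therefore rename or remove entries in it, which is why the CGI wrapping the author insists on still matters even when the audit passes cleanly.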