[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH

Subject: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Fri, 08 Feb 2002 12:34:48 -0800
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Todd Kirk wrote:

> Another point I should mention...no customer on this RAQ4R has shell
> access, some with FTP but they are only able to see from
> home/sites/www.domain.com/web on down

With a cgi-script they can see everything on the box.  Group and world
readable shadow* scripts are as dangerous as systems without shadow
passwords enabled.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

References:
- RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Todd Kirk

Prev by Date: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Next by Date: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Previous by thread: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Next by thread: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index