[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Apache running as root . . . .
- Subject: Re: [cobalt-security] Apache running as root . . . .
- From: "cbtrussell" <cbtrussell@xxxxxxxxxxx>
- Date: Sat, 9 Feb 2002 11:40:25 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> might vary) could find more worrying. For instance that any FTP user can
> wander outside his own directories and sniff around on almost the entire
> machine. So there are no chrooted and sandboxed home directories and/or
> services. Heck, even Bind-8 was running as user root for years, until a
long
Michael,
I was reading the docs for a shopping cart script the other day and it
basically said if you encounter a host that allows you to browse other
user's directories, you should "run, not walk, away - as fast as you can."
Not a real issue for me because I don't have any users who maintain their
sites themselves, but do you have an elegant solution to this problem? Every
fix I've seen on the list has been rather scary....
Brandon