[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Apache running as root . . . .

Subject: Re: [cobalt-security] Apache running as root . . . .
From: "cbtrussell" <cbtrussell@xxxxxxxxxxx>
Date: Sat, 9 Feb 2002 11:40:25 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> might vary) could find more worrying. For instance that any FTP user can
> wander outside his own directories and sniff around on almost the entire
> machine. So there are no chrooted and sandboxed home directories and/or
> services. Heck, even Bind-8 was running as user root for years, until a
long

Michael,

I was reading the docs for a shopping cart script the other day and it
basically said if you encounter a host that allows you to browse other
user's directories, you should "run, not walk, away - as fast as you can."

Not a real issue for me because I don't have any users who maintain their
sites themselves, but do you have an elegant solution to this problem? Every
fix I've seen on the list has been rather scary....

Brandon

Follow-Ups:
- Re: [cobalt-security] Apache running as root . . . .
  - From: Michael Stauber
- Re: [cobalt-security] Apache running as root . . . .
  - From: Gerald Waugh

References:
- Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Nico Meijer
- [cobalt-security] Apache running as root . . . .
  - From: Fragga
- Re: [cobalt-security] Apache running as root . . . .
  - From: Michael Stauber

Prev by Date: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Next by Date: Re: [cobalt-security] Apache running as root . . . .
Previous by thread: Re: [cobalt-security] Apache running as root . . . .
Next by thread: Re: [cobalt-security] Apache running as root . . . .

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index