Re: [cobalt-security] Apache running as root . . . .
- Subject: Re: [cobalt-security] Apache running as root . . . .
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 9 Feb 2002 15:50:21 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Saturday 09 February 2002 11:40 am, cbtrussell wrote:
> > might vary) could find more worrying. For instance that any FTP user can
> > wander outside his own directories and sniff around on almost the entire
> > machine. So there are no chrooted and sandboxed home directories and/or
> > services. Heck, even Bind-8 was running as user root for years, until a
> I was reading the docs for a shopping cart script the other day and it
> basically said if you encounter a host that allows you to browse other
> user's directories, you should "run, not walk, away - as fast as you can."
>
> Not a real issue for me because I don't have any users who maintain their
> sites themselves, but do you have an elegant solution to this problem?
> Every fix I've seen on the list has been rather scary....
>
> Brandon
That statement above is WRONG!!!
The RaQ (actually proftpd) jails the FTP user to his own directory tree.
--
Gerald Waugh
Registered Linux User 255245
Register at http://counter.li.org