[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Re: Re: SSI Vuln on cobalt

Subject: Re: [cobalt-security] Re: Re: SSI Vuln on cobalt
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Mon, 22 Apr 2002 20:59:02 -0700
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Chris Adams wrote:

> > For exmaple, if we create a root-owned .htaccess file, then site admins
> > can't easily install their own.
> 
> Since they own the directory (and have to, to create files), they can
> remove any .htaccess file root creates.

I concede the point that if people are smart enough to know that there's
an invisible .htaccess file owned by root in their upload directory they
can delete it.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

Follow-Ups:
- Re: [cobalt-security] Re: Re: SSI Vuln on cobalt
  - From: Mike Palamar

References:
- [cobalt-security] SSI Vuln on cobalt
  - From: Brett Wright
- Re: [cobalt-security] SSI Vuln on cobalt
  - From: Gerald Waugh
- [cobalt-security] Re: SSI Vuln on cobalt
  - From: Chris Adams
- Re: [cobalt-security] Re: SSI Vuln on cobalt
  - From: Jeff Lasman
- [cobalt-security] Re: Re: SSI Vuln on cobalt
  - From: Chris Adams

Prev by Date: RE: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail forwarding
Next by Date: Re: [cobalt-security] Re: RE: SSI Vuln on cobalt
Previous by thread: [cobalt-security] Re: Re: SSI Vuln on cobalt
Next by thread: Re: [cobalt-security] Re: Re: SSI Vuln on cobalt

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index