[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
- Subject: RE: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
- From: "Matthew Nuzum" <cobalt@xxxxxxxxxxxxx>
- Date: Tue, 23 Apr 2002 13:00:56 -0400
- Organization: Bearfruit.org
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> > >
> > > Actually: Who owns a directory doesn't affect the file permissions
and
> > > file ownerships of anything within the directory.
> >
> > Actually, you are wrong. It does affect who can create and remove
files
> > in that directory.
> >
> Chris is correct, I know it doesn't seem logical, but the owner of a
> directory
> can delete files owned by root, regardles of permissions....
> It's the directory ownership that rules....
How about one of these options: (all of which require a little manual
effort)
* Link to a master .htaccess (hard or soft). Can the user delete a hard
link that is owned by root?
* Create a <Directory> statement in virtual site config specifying
everything that you would have put into the .htaccess. I can't think of
anything that can go into a .htaccess file that can't go into a
<Directory></Directory> statement.
* (I think someone mentioned this) isn't there an ext2fs attribute that
prohibits deleting even by root?
Matthew Nuzum
www.bearfruit.org
cobalt@xxxxxxxxxxxxx