[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt

Subject: RE: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
From: "Matthew Nuzum" <cobalt@xxxxxxxxxxxxx>
Date: Tue, 23 Apr 2002 13:00:56 -0400
Organization: Bearfruit.org
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> > >
> > > Actually: Who owns a directory doesn't affect the file permissions
and
> > > file ownerships of anything within the directory.
> >
> > Actually, you are wrong.  It does affect who can create and remove
files
> > in that directory.
> >
> Chris is correct, I know it doesn't seem logical, but the owner of a
> directory
> can delete files owned by root, regardles of permissions....
> It's the directory ownership that rules....

How about one of these options: (all of which require a little manual
effort)
* Link to a master .htaccess (hard or soft).  Can the user delete a hard
link that is owned by root?
* Create a <Directory> statement in virtual site config specifying
everything that you would have put into the .htaccess.  I can't think of
anything that can go into a .htaccess file that can't go into a
<Directory></Directory> statement.
* (I think someone mentioned this) isn't there an ext2fs attribute that
prohibits deleting even by root?


Matthew Nuzum
www.bearfruit.org
cobalt@xxxxxxxxxxxxx

Follow-Ups:
- RE: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
  - From: Gerald Waugh

References:
- Re: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
  - From: Gerald Waugh

Prev by Date: RE: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail forwarding
Next by Date: RE: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
Previous by thread: Re: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
Next by thread: RE: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index