From: Ben Smithurst
To: Simakin Alexandr
Cc: freebsd-questions@FreeBSD.ORG
Date: Sat, 9 Sep 2000 17:24:40 +0100
Subject: Re: CGI-scripts security
Message-ID: <20000909172440.B77593@strontium.scientia.demon.co.uk>

Simakin Alexandr wrote:

> CGIWrap is cool, but if you have such files:
> -rw-r--r-- 1 root wheel 1067 Sep 9 17:28 /etc/passwd
> you can read this file even when CGIWrap is installed,
> find users with SU rights, launch password finder utility
> and so on.

Have you actually LOOKED at /etc/passwd? Go count the number of actual
passwords it contains.

-- 
Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D
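An added example, not part of the original thread: a small audit that carries out the count suggested in the reply above, classifying the password field of every entry in a passwd(5)-format file. The sample data and function names are constructed for illustration; on FreeBSD the hashes live in /etc/master.passwd, which only root can read, and the world-readable /etc/passwd carries `*` in that field.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a passwd(5)-format file
# for password fields that hold a real hash instead of a placeholder.

# Constructed sample: the first entries look like a normal world-readable
# /etc/passwd; "legacy" and "guest" model a misconfigured file.
sample_passwd() {
cat <<'EOF'
# constructed sample data
root:*:0:0:Charlie &:/root:/bin/csh
ben:*:1001:1001:Example User:/home/ben:/bin/sh
www:x:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
legacy:$1$CONSTRUCTED$notARealHashValue000000:1002:1002:Old Import:/home/legacy:/bin/sh
guest::1003:1003:No Password:/home/guest:/bin/sh
EOF
}

# Print "user<TAB>status" for each entry read from FILE (or stdin).
# status is "placeholder" (*, x or !), "empty" (no password set) or "hash".
classify_passwd() {
    awk -F: '
        /^#/ || NF < 7 { next }     # skip comments and malformed lines
        {
            if ($2 == "")                                  s = "empty"
            else if ($2 == "*" || $2 == "x" || $2 == "!")  s = "placeholder"
            else                                           s = "hash"
            printf "%s\t%s\n", $1, s
        }' "$@"
}

# usage: count_status STATUS [FILE]  -> number of entries with that status
count_status() {
    want=$1; shift
    classify_passwd "$@" |
        awk -F'\t' -v w="$want" '$2 == w { n++ } END { print n + 0 }'
}

# Audit the file named on the command line, or the constructed sample.
if [ $# -gt 0 ]; then
    classify_passwd "$1"
else
    sample_passwd | classify_passwd
fi
```

Run as `sh audit.sh /etc/passwd` (the script name is arbitrary); any entry reported as `hash` or `empty` in a world-readable file is worth investigating.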