Date: Wed, 4 Sep 2002 23:44:29 -0500 (CDT) From: Billy Joe Jim Bob <jamie@gnulife.org> To: freebsd-newbies@freebsd.org Subject: Security hole with Lynx Message-ID: <20020904234114.Q98124-100000@floyd.gnulife.org>
next in thread | raw e-mail | index | archive | help
I've just discovered a security hole in one of my servers. It is
FreeBSD 4.5 and I am running Apache on it. I've installed Lynx and the
permissions on Lynx are 555, owned by root.wheel. Since it has world
executable permission, anyone can download from anyones directory on the
machine by simply connecting to localhost. What is the best way to buttun
that up so that everyone can use the browser, but not everyone can access
anybodys files?
- Jamie
"If you lose your bearings, your life won't go smoothly."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020904234114.Q98124-100000>