From: Giorgos Keramidas
To: Billy Joe Jim Bob
Cc: freebsd-newbies@FreeBSD.ORG
Date: Thu, 5 Sep 2002 08:24:23 +0300
Subject: Re: Security hole with Lynx

On 2002-09-04 23:44 +0000, Billy Joe Jim Bob wrote:
> I've just discovered a security hole in one of my servers. It is
> FreeBSD 4.5 and I am running Apache on it. I've installed Lynx and the
> permissions on Lynx are 555, owned by root.wheel. Since it has world
> executable permission, anyone can download from anyone's directory on the
> machine by simply connecting to localhost. What is the best way to button
> that up so that everyone can use the browser, but not everyone can access
> anybody's files?

That seems more like an Apache configuration issue than a lynx problem.