Date: Thu, 05 Sep 2002 14:10:49 -0400 From: Kirk Bailey <idiot1@netzero.net> To: Billy Joe Jim Bob <jamie@gnulife.org> Cc: freebsd-newbies@freebsd.org Subject: Re: Security hole with Lynx Message-ID: <3D779E29.472455F4@netzero.net> References: <20020904234114.Q98124-100000@floyd.gnulife.org>
index | next in thread | previous in thread | raw e-mail
chmod 700 *.*
Billy Joe Jim Bob wrote:
>
> I've just discovered a security hole in one of my servers. It is
> FreeBSD 4.5 and I am running Apache on it. I've installed Lynx and the
> permissions on Lynx are 555, owned by root.wheel. Since it has world
> executable permission, anyone can download from anyones directory on the
> machine by simply connecting to localhost. What is the best way to buttun
> that up so that everyone can use the browser, but not everyone can access
> anybodys files?
>
> - Jamie
>
> "If you lose your bearings, your life won't go smoothly."
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-newbies" in the body of the message
--
end
Respectfully,
Kirk D Bailey
+---------------------"Thou Art Free." -Eris-----------------------+
| http://www.howlermonkey.net mailto:highprimate@howlermonkey.net |
| KILL spam dead! http://www.scambusters.org/stopspam/#Pledge |
| http://www.tinylist.org +--------+ mailto:grumpy@tinylist.org |
+------------------Thinking| NORMAL |Thinking----------------------+
+--------+
-------------------------------------------
Introducing NetZero Long Distance
Unlimited Long Distance only $29.95/ month!
Sign Up Today! www.netzerolongdistance.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D779E29.472455F4>