
Re: [cobalt-developers] FW: Cobalt RaQ 3 security hole?



Tony wrote:
> 
> Seems to be factory-default:
> Apache on port 81 DOES run as root/root.

it's necessary, so the gui scripts can change the config files (they're
running as root). if you change user/permissions, it will not work
anymore. maybe one could mess around with setuid-bits, but that's a
risk, too.

i shut down apache for the gui (for some minutes, only to test it), and
the raq works without gui.

you can install ssl for the main site to encrypt the gui traffic.

if you don't like it at all, you'll have to shut down the gui (but why
did you buy a raq?)
nevertheless, a raq 3 is not a very secure system. if you want that,
you'll have to build one from scratch, which requires time and
relatively high unix skills, but that's not the market that cobalt
points to (at least i think :-)

cu

-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

Yes, I do. But not Yahoo.