[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] telnet on raq3 allows users to view source ofother sites
- Subject: Re: [cobalt-users] telnet on raq3 allows users to view source ofother sites
- From: Luc Schiltz <becher@xxxxxx>
- Date: Sat Feb 19 07:37:31 2000
> I believe this is generally the case with telnet access. Any user can read
> any file on the server, although the files he/she does not have ownership
> to
> cannot be modified or deleted.
but cobalt has defined specific groups, so a user from group 1 should not be able to read anything from group 2 ?
luc
> Regards,
> David
>> From: Luc Schiltz <becher@xxxxxx>
>> Reply-To: cobalt-users@xxxxxxxxxxxxxxx
>> Date: Sat, 19 Feb 2000 13:05:02 +0100
>> To: cobalt-users@xxxxxxxxxxxxx
>> Subject: [cobalt-users] telnet on raq3 allows users to view source of
>> other
>> sites
>>
>> hi,
>>
>> why has anybody, who got telnet access, access to other sites e.g
>>
>> I created a user called test with telnet access
>> this user test logs into the raq3 an can cd /home/sites/site14
>> do an ls -la of the web directory etc ...
>>
>> is there any patch available for this ? as this presents a big security
>> hole,
>> e.g.
>> a user who is running php3 and connects to a mysql database, he got the
>> login
>> & passwd
>> of the mysql database stored in a file in the directory web ...
>>
>> thanks
>>
>>
>> Luc
>>
>> _______________________________________________
>> cobalt-users mailing list
>> cobalt-users@xxxxxxxxxxxxxxx
>> http://list.cobalt.com/mailman/listinfo/cobalt-users
>>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users