[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] In Telnet, Able to view other site's files

Subject: [cobalt-users] In Telnet, Able to view other site's files
From: "WebSite Creations" <main@xxxxxxxxxxxxxxxxxxxx>
Date: Thu Oct 19 11:06:54 2000
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

I am wondering, is there a way to protect directories from being viewed by a
normal user in a telnet session?

Example, on a RaQ4, and 3 and 2 I presume, you can telnet in as a normal
user,  NOT ROOT, and do the following;

vi /home/sites/site#/web/index.html

which will show the code for that file.  And it doesn't have to be YOUR
account.  You can view ANY account.

Note, the file is read only if it is not your account.  However, the fact
that anyone can view other's html , and cgi code is frightening.

Yes, I know the argument about telnet being a bad idea, but it is necessary
for some customers.

Any ideas to lock out user directories from non-authorized users in a telnet
session?

Thanks,
Bill

Follow-Ups:
- Re: [cobalt-users] In Telnet, Able to view other site's files
  - From: Ed Booher, Jr

Prev by Date: Re: [cobalt-users] Extract password from /etc/passwd
Next by Date: RE: [cobalt-users] Redirect
Previous by thread: Re: [cobalt-users] MAC address
Next by thread: Re: [cobalt-users] In Telnet, Able to view other site's files

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index