
Re: [cobalt-users] Telnet Script



support wrote:

> We never got an answer from Cobalt on this one, except "interesting".
> Running this script http://www.rohitab.com/cgiscripts/cgitelnet.html  on a
> virtual site, you can walk all the way up the directory to root.  View files
> that you should not see, even if telnet is turned off on the Raq.
> 
> Anyone know a way to stop users from using a script like this?

This would have to be a Linux security issue.  I'm going to download it
and play with it.  My first guess is it would have to be stopped by
changing CGI permissions or at the kernel level, or possibly a brute
force search of your webspace, looking for the code, and deleting it.

Before you randomly delete things from your clients' space, however, I'd
recommend checking your Terms of Service; generally in most
jurisdictions your Terms of Service bind you as well as your clients. 
Hopefully you've got something in there prohibiting use of spyware,
malicious code, or something of the like.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484
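
The webspace sweep suggested in the reply above, as an added example that is not part of the original message: it only reports candidate files and their owners, so nothing is removed before the Terms of Service question is settled. The marker string, the file-name pattern and the `scan_webspace` function name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report-only sweep of a web root for copies of the CGI
# script named in the thread. Nothing is deleted; the output is a list
# for manual review.
# Assumptions (not from the thread): the content marker below, and that
# the web root is passed as the first argument.

MARKER='cgi-telnet'          # assumed string inside the script; adjust after inspecting a real copy
NAME_PATTERN='*cgitelnet*'   # file name taken from the URL quoted in the thread

# scan_webspace ROOT
# Prints one line per hit: "<reason><TAB><owner><TAB><path>"
# reason is "name" (file name matches) or "content" (marker found inside,
# which also catches renamed copies).
scan_webspace() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # -type f skips symlinks, so the sweep does not wander outside ROOT.
    # Paths containing newlines are not handled.
    find "$root" -type f 2>/dev/null | while IFS= read -r f; do
        reason=
        case $(basename "$f" | tr 'A-Z' 'a-z') in
            $NAME_PATTERN) reason=name ;;
        esac
        if [ -z "$reason" ] && grep -qi -- "$MARKER" "$f" 2>/dev/null; then
            reason=content
        fi
        [ -n "$reason" ] || continue
        owner=$(ls -ld "$f" | awk '{print $3}')
        printf '%s\t%s\t%s\n' "$reason" "$owner" "$f"
    done
}

# Stand-alone use: sh scan.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    scan_webspace "$1"
fi
```

The owner column identifies which site account to contact. A copy that has been both renamed and stripped of the marker will not be found this way, which is why the reply also points at CGI permissions.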