
RE: [cobalt-users] MAJOR BUG, Browse any directory view any file



Folks,
This is no news, and no bug. When you are giving someone access to your server, of course they can create a script that lets the rest of the world see whatever they themselves have permission to see.
This goes for any OS, any server. Think about it. If you give away an access privilege, it IS hard if not impossible to ensure that person does not give it on to someone else. And yes, several (almost all) of your system files are readable to any of your users. If your users are dumb enough to display these to the rest of the world, they can.

What you DO have to be real careful with is the ASP engine. Unless you take necessary precautions with ASP, it runs as root. This means that an ASP script can read / write to ANY file on the entire server.

There are two ways to fix this:
1) Run the ASP server under a different user.
2) On at least older versions, there is a setting that says: Permit absolutely NO file access to anything in the parent path, only in the current directory and sub-directories.
3) On the newer version (3.5.2.28), there is another setting "Inherit User Security" you can enable.

As SUN ships their servers with ASP running as root without ANY of these options enabled by default, BEWARE.

*****************************************
Vidar Ligard
RHEMA Bible Church - Computer Information Systems
918 258 1588 x2490
*****************************************
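The second fix above (no file access outside the script's own directory and its sub-directories) amounts to a path-confinement check. The following is an added example, not code from the thread or from the ASP engine, showing how such a check is evaluated: the requested path is resolved (including `..` and symlinks) and then compared against the base directory. The directory names and the sample passwd line are constructed for the demo.

```python
"""
Added example (not from the thread): a "no parent-path access" check in the
spirit of the ASP setting described above. A requested path is allowed only
if, after resolving '..' and symlinks, it still lies inside the base directory.
All paths and file contents below are constructed for illustration.
"""
import os
import tempfile


def is_confined(base_dir: str, requested: str) -> bool:
    """Return True only if `requested` resolves to a path inside `base_dir`.

    - Relative paths are interpreted relative to base_dir.
    - '..' segments and symlinks are resolved with realpath before comparison,
      so 'site/../../etc/passwd' and a symlink pointing at /etc are rejected.
    - commonpath is used instead of a string-prefix test, so '/srv/site2'
      does not pass as being inside '/srv/site'.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:
        # Different drives (Windows) or mixed absolute/relative paths.
        return False


def demo() -> dict:
    """Build a constructed directory tree and evaluate several requests."""
    root = tempfile.mkdtemp()
    site = os.path.join(root, "site")
    os.makedirs(os.path.join(site, "includes"))
    os.makedirs(os.path.join(root, "site2"))
    os.makedirs(os.path.join(root, "secret"))
    with open(os.path.join(root, "secret", "passwd"), "w") as fh:
        fh.write("admin:x:500:100::/home/admin:/bin/bash\n")  # constructed sample
    # A symlink inside the site directory that points outside of it.
    os.symlink(os.path.join(root, "secret"), os.path.join(site, "escape"))
    return {
        "includes/header.inc": is_confined(site, "includes/header.inc"),
        "../secret/passwd": is_confined(site, "../secret/passwd"),
        "absolute": is_confined(site, os.path.join(root, "secret", "passwd")),
        "escape/passwd": is_confined(site, "escape/passwd"),
        "sibling_prefix": is_confined(site, os.path.join(root, "site2", "x")),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request:24} {'allowed' if allowed else 'denied'}")
```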


> -----Original Message-----
> From: Robert Roose [mailto:robertr@xxxxxxxxxxxxx] 
> Sent: Wednesday, May 28, 2003 8:46 AM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] MAJOR BUG, Browse any directory view any file
> 
> 
> when I tried the php code I received output but no passwords 
> are displayed..
> 
> only lines like this: 
> admin:x:500:100:Administrator:/home/.users/112/admin:/bin/bash
> 
> (RaQ550)
> 
> 
> > -----Original Message-----
> > From: Fragga [mailto:fragga@xxxxxxxxxxxx]
> > Sent: Wednesday, May 28, 2003 15:19
> > To: cobalt-users@xxxxxxxxxxxxxxx
> > Subject: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
> > 
> > 
> > #!/usr/bin/perl
> > print "Content-type: text/html\n\n";
> > print "<PRE>";
> > print `cat /etc/passwd`;
> > print "</PRE>";
> > 
> > and the same in php --
> > 
> > <PRE>
> > <? passthru("cat /etc/passwd"); ?>
> > </PRE>
> > 
> > yeah ?
> > 
> > fragga
> > 
> > _____________________________________
> > cobalt-users mailing list
> > cobalt-users@xxxxxxxxxxxxxxx
> > To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to: 
> > http://list.cobalt.com/mailman/listinfo/cobalt-users
> > 
> 