
[cobalt-users] Re: MAJOR BUG, Browse any directory view any file



At 6:58 AM -0400 5/28/03, ISEE Multimedia is rumored to have typed:

> Does anyone have a fix for this!! This is a major security hole for SUN.

   OhMyGod! Next thing you'll tell me is that any of your clients can send
and receive EMAIL through your server, which could contain viruses and become
a MAJOR SECURITY HOLE!!!!!!

   I strongly urge you to turn that server off IMMEDIATELY...this is the ONLY
way to make certain no one can see, "any file on another site!"  After you
turn it off, your client's information is COMPLETELY safe; you might be able
to charge more per month by giving the guarantee that NO ONE will EVER see
their files. Just whatever you do, don't turn it back on, or OTHER PEOPLE
WILL SEE THE FILES!!!!!

   Seriously, geez, take a Valium. Of COURSE any bozo can write a script to
ls -lag directories, and cat any world-readable file to the browser ANYWHERE
on the machine. Welcome to Linux, or ANY operating system for that matter
(possible exception being MacOS9 and lower). Your job is to make sure system
files aren't world-readable so the crackers have a tougher time modifying
anything important; but if web files on someone else's server aren't
world-readable, exactly how do you think the httpd daemon is going to read it
to send it out?

         Charlie
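As an added example (not part of Charlie's post or anything else in this thread), here is a small POSIX shell audit for the situation he describes: the web docroot has to stay world-readable so httpd can serve it, so the thing worth checking is which files *outside* the docroot are world-readable and therefore reachable by any CGI httpd runs. The directory layout, file names and modes below are a constructed demo tree, not anything from the list or from a real Cobalt box.

```shell
#!/bin/sh
# Added example, not from the original thread. Lists regular files whose
# "other" read bit is set, optionally pruning one subtree (the docroot,
# which legitimately needs o+r so the httpd daemon can read it).
#
# Usage: world_readable_files DIR [EXCLUDE_PREFIX]
world_readable_files() {
    dir=$1
    exclude=${2:-}
    # -perm -004 matches any file with the world-read bit set, whatever the
    # rest of the mode is. Octal is used rather than o=r for portability.
    if [ -n "$exclude" ]; then
        find "$dir" -path "$exclude" -prune -o -type f -perm -004 -print
    else
        find "$dir" -type f -perm -004
    fi
}

# Build a constructed tree under a temp dir so the audit can run offline:
# a docroot whose files must be world-readable, and a "system" area where
# exactly one file (app.conf) has been left world-readable by mistake.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/docroot" "$root/etc"
    printf 'hello\n'  > "$root/docroot/index.html"; chmod 644 "$root/docroot/index.html"
    printf 'secret\n' > "$root/etc/shadow.sample";  chmod 600 "$root/etc/shadow.sample"
    printf 'dbpass\n' > "$root/etc/app.conf";       chmod 644 "$root/etc/app.conf"
    printf 'ok\n'     > "$root/etc/motd";           chmod 640 "$root/etc/motd"
    echo "$root"
}

# Number of world-readable files outside the docroot. A non-zero result is
# the finding an admin acts on (chmod o-r the file, or move it out of reach
# of the httpd user); the docroot is excluded because it is supposed to be
# readable.
count_findings() {
    world_readable_files "$1" "$1/docroot" | wc -l | tr -d ' '
}
```

Run it against a real tree as `world_readable_files /etc` (no exclude) or `count_findings /home/sites/site1` with the site's docroot layout adjusted to match; only `app.conf` should show up in the demo tree.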