[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RE: (old) Raq cgi-bin Security Hole

Subject: [cobalt-users] RE: (old) Raq cgi-bin Security Hole
From: "Stefan" <epostfach@xxxxxxxx>
Date: Sat Aug 9 06:34:00 2003
Organization: http://freemail.web.de/
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

I saw this message here form the list archiv

and i played a bit with our RaQ4i Server. Thats

NOT correct on my box - it looks maybe that the

server where it works isnt right configure´d?

All what i get if i try to download a cgi file - is

the HTML code only. The cgi code is hidden and

nobody can download it from http://...

Greetings,

Stefan

On Tue, 05 Mar 2002, tolgaraq wrote:
> When I use getright and enter url of any file in
> cgi-bin getright succesfuly downloads it. And your cgi
> files is open to anyone who knows it's file name.
>
> Anyone know how to prevent it?

That's one of the reasons all my CGIs are chmod 711,
I know everyone likes to use 755, and that's what you get anyone can read them.

--
Gerald Waugh

__________________________________________________________________________
Die sicherste Form der Kommunikation: E-Mails verschluesseln, Spam-Filter,
Adressverifizierung, digitale Unterschrift: http://freemail.web.de

Prev by Date: RE: [cobalt-users] Upgrading from Perl 5.005 on a RaQ4
Next by Date: [cobalt-users] [Qube 3] moving to RAID
Previous by thread: [cobalt-users] Automated reply from jerry@xxxxxxxxxxxxxxx
Next by thread: [cobalt-users] [Qube 3] moving to RAID

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index