Bugtraq mailing list archives
Re: HTTPD bug
From: baba () beckman uiuc edu (Baba Z Buehler)
Date: Mon, 17 Apr 1995 08:25:34 -0500
Mr Martin J Hargreaves <ch11mh () surrey ac uk> writes:
> On Sun, 16 Apr 1995, Mr Pink wrote:
> > Hello all, i was browsing thru alt.2600, as you do, and spotted something of interest. it appears there is a problem with the CERN httpd. It allows you to create a directory in a user's home dir that can be accessed via mosaic/netscape. well the bad bit of news is, if you sym link this dir to root (/), file ownership becomes non existent. i was easily able to read the shadow passwd file!
>
> This may also be possible with the NCSA daemon. You can set the FOLLOW_SYMLINKS variable in $SERVERROOT/conf/access.conf I believe to prevent the NCSA one from following any symlinks. However I think it defaults to following them. Haven't tested the file permissions under these conditions.
>
> I think there is a hole if he could read the shadow passwords, but that good server admin (not allowing symlinks from user directories, not running httpd as root, etc) may prevent the attack (possibly why it hasn't been found until now)...

the httpd process will read files with the permissions of the user it is running as. if you run your httpd as root, then you've got a problem. run httpd as user 'nobody' or some such, and you won't have this problem.

--
# Baba Z Buehler - 'Hackito Ergo Sum'
# Beckman Institute Systems Services, Urbana Illinois
#
# UNIX . . . best if used before: Tue Jan 19 03:14:08 2038 UTC
#
# WWW: http://www.beckman.uiuc.edu/groups/biss/people/baba/
# PGP public key on WWW homepage and key servers (key id: C13D8EE1)
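
An added example, not part of the thread and not code from either server: a Python audit that lists symlinks under a published user directory whose targets resolve outside it, plus a policy check combining the two mitigations discussed above (no root, no links out of the user directory). The function names, the `public_html` directory name and uid 65534 for 'nobody' are assumptions, and the directory tree is constructed for the demonstration.

```python
import os
import tempfile

def inside(root, path):
    """True if path, with every symlink resolved, stays under root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root

def escaping_symlinks(docroot):
    """List (relative link, resolved target) for links that leave docroot."""
    root = os.path.realpath(docroot)
    found = []
    # followlinks=False: the audit itself never descends through a link.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if os.path.islink(link) and not inside(root, link):
                found.append((os.path.relpath(link, root), os.path.realpath(link)))
    return sorted(found)

def may_serve(docroot, requested, euid):
    """Policy sketch: refuse when running as root or when the request
    resolves outside the published directory."""
    if euid == 0:
        return False
    return inside(docroot, os.path.join(docroot, requested.lstrip("/")))

def demo():
    """Build a constructed user web directory and audit it."""
    with tempfile.TemporaryDirectory() as home:
        pub = os.path.join(home, "public_html")  # assumed directory name
        os.mkdir(pub)
        with open(os.path.join(pub, "index.html"), "w") as fh:
            fh.write("<h1>hi</h1>")
        os.symlink("/", os.path.join(pub, "rootdir"))        # link to / as in the report
        os.symlink("index.html", os.path.join(pub, "home"))  # stays inside, not flagged
        return {
            "links": escaping_symlinks(pub),
            "index_as_nobody": may_serve(pub, "/index.html", euid=65534),
            "shadow_via_link": may_serve(pub, "/rootdir/etc/shadow", euid=65534),
            "index_as_root": may_serve(pub, "/index.html", euid=0),
        }

if __name__ == "__main__":
    print(demo())
```

Resolving a path and then opening it is not atomic, so this is an audit aid for administrators rather than a replacement for the server's own symlink handling.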