Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Addendum to FrontPage password issue

From: kosmas () INCREDIBLE COM (Kosmas Skiadopoulos)
Date: Sun, 11 Jan 1998 16:38:15 +0200

On Fri, 9 Jan 1998, hostmaster wrote:



Sorry for the false alarm.  There are still some very strange things going
on with the default installation scripts' use of permissions and I intend
to review this more thoroughly over the weekend.




Well the alarm is not totally false, frontpage IS bogus as HELL, but there
is a way to circumvent the cretinous way this is set up.

You can set up all of your frontpage users as group web and set the users'
permissions as 715 , that is effect disallows other "web" users from
accessing other individuals accounts, while retaining "nobody" as your
main http daemon user. Then you can use apache's suexec wrapper to do the
suing for the frontpage extensions provided that you have httpd.conf set
up correctly i.e. with User and Group statements.

        We know that this is a far from perfect solution but at least it
somwhat works on a production system.

____________________________________________
http://www.incredible.com
E-mail:info () incredible gr


Áðßóôåõôá Äßêôõá        Incredible Networks
ôçë: (1) 92 12 312      tel +30 1 921 2312
fax: (1) 92 12 314      fax:+30 1 921 2314
Previous By Date Next
Previous By Thread Next

Current thread: