Bugtraq mailing list archives
Re: Addendum to FrontPage password issue
From: kosmas () INCREDIBLE COM (Kosmas Skiadopoulos)
Date: Sun, 11 Jan 1998 16:38:15 +0200
On Fri, 9 Jan 1998, hostmaster wrote:
> Sorry for the false alarm. There are still some very strange things going on with the default installation scripts' use of permissions and I intend to review this more thoroughly over the weekend.
Well the alarm is not totally false, frontpage IS bogus as HELL, but there is a way to circumvent the cretinous way this is set up. You can set up all of your frontpage users as group web and set the users' permissions as 715, that in effect disallows other "web" users from accessing other individuals' accounts, while retaining "nobody" as your main http daemon user. Then you can use apache's suexec wrapper to do the suing for the frontpage extensions provided that you have httpd.conf set up correctly i.e. with User and Group statements. We know that this is a far from perfect solution but at least it somewhat works on a production system.

____________________________________________
http://www.incredible.com    E-mail:info () incredible gr
Απίστευτα Δίκτυα             Incredible Networks
τηλ: (1) 92 12 312           tel +30 1 921 2312
fax: (1) 92 12 314           fax:+30 1 921 2314
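An added example, not part of the original post: a Python model of the permission-class selection that the 715 scheme in the message relies on, plus a check that an account directory actually has that mode and group. The uid/gid numbers, the user names alice and bob, and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

def access_class(st_uid, st_gid, uid, gids):
    """Pick the one class Unix applies; there is no fall-through to a later class.
    Simplified model: ignores root and ACLs."""
    if uid == st_uid:
        return "owner"
    if st_gid in gids:
        return "group"
    return "other"

def granted(mode, cls):
    """Return the rwx string that a class gets from a mode such as 0o715."""
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    bits = (mode >> shift) & 0o7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def audit_dir(path, expected_mode=0o715, expected_gid=None):
    """List deviations of one account directory from the scheme in the message."""
    st = os.stat(path)
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != expected_mode:
        problems.append(f"mode is {mode:o}, expected {expected_mode:o}")
    if expected_gid is not None and st.st_gid != expected_gid:
        problems.append(f"gid is {st.st_gid}, expected {expected_gid}")
    return problems

def demo():
    # Constructed ids: alice and bob are FrontPage users in group web,
    # nobody is the http daemon user and is not in web.
    alice, bob, nobody, web, nogroup = 1001, 1002, 65534, 500, 65534
    rows = {}
    for name, uid, gids in (("alice", alice, {web}), ("bob", bob, {web}),
                            ("nobody", nobody, {nogroup})):
        cls = access_class(alice, web, uid, gids)  # alice's directory, group web
        rows[name] = (cls, granted(0o715, cls))
    return rows

if __name__ == "__main__":
    for name, (cls, perms) in demo().items():
        print(f"{name:7} -> {cls:5} {perms}")
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)  # looser than the scheme, so the audit reports it
        print(audit_dir(d))
```

Because the group class keeps the execute bit, members of web can still traverse the directory to a path they already know, and what they get there depends on each file's own mode.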