Bugtraq mailing list archives
Re: SCO World Script Vulnerabilities
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Fri, 13 Nov 1998 18:42:27 +0000
Joe wrote:
Since the CGI is being accessed by the system administrator, your remark about the "user" being able to plug in any host name is plain silly. If they've got access to the CGI you're ALREADY compromised. Besides, from the shell I've got MORE than enough rope to hang myself. If I'm trying to administer a remote machine over the web I want that same length of rope.
I can find nothing in the article suggesting that access to the CGI should be restricted, let alone saying how you might do that. Regardless, it is so easy to secure the scripts properly, there is no excuse for not doing it, no matter how secure you think the rest of the setup is.

Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben () algroup co uk |
A.L. Digital Ltd,     |Apache-SSL author http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/