Bugtraq mailing list archives

Re: SCO World Script Vulnerabilities


From: ben () ALGROUP CO UK (Ben Laurie)
Date: Fri, 13 Nov 1998 18:42:27 +0000


Joe wrote:
> Since the CGI is being accessed by the system administrator, your remark
> about the "user" being able to plug in any host name is plain silly.  If
> they've got access to the CGI you're ALREADY compromised. Besides, from
> the shell I've got MORE than enough rope to hang myself. If I'm trying to
> administer a remote machine over the web I want that same length of rope.

I can find nothing in the article suggesting that access to the CGI
should be restricted, let alone saying how you might do that.
Regardless, it is so easy to secure the scripts properly, there is no
excuse for not doing it, no matter how secure you think the rest of the
setup is.

Cheers,

Ben.

--
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben () algroup co uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/


