httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Murcko <ch...@telebase.com>
Subject Re: Why /etc/spwd.db access? (fwd)
Date Fri, 10 May 1996 16:26:53 GMT
Rob Hartill liltingly intones:
> 
> 
> not acked
> 
> 
> From: Tadej Vodopivec <Tadej.Vodopivec@zaslon.si>
> Message-Id: <199605101303.PAA14004@moon.zaslon.si>
> Subject: Why /etc/spwd.db access?
> To: apache-bugs@apache.org
> Date: Fri, 10 May 1996 15:03:22 +0200 (MET DST)
> X-Mailer: ELM [version 2.4 PL24]
> Content-Type: text
> 
> Hi,
> 
> I find appache overall great, but I encounter one security related weakness
> regarding the BSDI's BSD/OS and apache 1.1b2: When I start it chrooted, it
> wants /etc/spwd.db (with passwords) to reside in chrooted area; I see no
> actual need for /etc/spwd.db, as /etc/pwd.db (no passwords) would be enough.
> Has anyone met this problem before?
> 
> 	Best regards,
> 	  Tadej
> 
Make up a dummy passwd file and use it to build the password databases
in the chrooted area using pwd_mkdb (8), same as for ftp, etc.

chuck
Chuck Murcko	N2K Inc.	Wayne PA	chuck@telebase.com
And now, on a lighter note:
"Protozoa are small, and bacteria are small, but viruses are smaller
than the both put together."

Mime
View raw message