httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James H. Cloos Jr." <cl...@jhcloos.com>
Subject Re: Why /etc/spwd.db access? (fwd)
Date Fri, 10 May 1996 17:05:33 GMT
> I find appache overall great, but I encounter one security
> related weakness regarding the BSDI's BSD/OS and apache 1.1b2:
> When I start it chrooted, it wants /etc/spwd.db (with passwords)
> to reside in chrooted area; I see no actual need for
> /etc/spwd.db, as /etc/pwd.db (no passwords) would be enough.  Has
> anyone met this problem before?

Any shadowing arangement that uses files rather than NIS-type services
will see this.  The solution is either to recompile libc to not need
the shadow file, or to create a bogus one.

In any case, this is not an Apache issue.

-JimC
-- 
James H. Cloos, Jr.	<URL:http://www.jhcloos.com/~cloos/>
cloos@jhcloos.com	Work: cloos@io.com
LPF,Usenix,SAGE,ISOC,ACLU


Mime
View raw message