httpd-users mailing list archives

From Eelco Alosery <i...@multi-graphics.nl>
Subject Re: [users@httpd] Virtual Hosting security issues
Date Sat, 19 Oct 2002 07:57:39 GMT
711 means owner can do all, and group and world can only execute,
so if the system owns a dir and a group or world wants to index it, it
will execute and stop a group from indexing the dir

On Thursday, 17 Oct 2002 at 01:07 (Europe/Amsterdam), Sander Holthaus
wrote:

> 711 means owners can do all, and group and the world can either
> execute files or read directories. I cannot see how this would? Also,
> doesn't such a setting (711) impair functionality of your scripts?
>
> On Wednesday 16 October 2002 14:25, Eelco Alosery wrote:
>> I stop users from reading other users' directories by making a
>> directory like www, and for each user I make a new dir in this
>> directory with a unique name like my164dir.
>> The www directory I have chmod'ed to 0711, and this directory will now
>> show up with no result when indexing it through a CGI script
>>
>> On Wednesday, 16 Oct 2002 at 09:02 (Europe/Amsterdam), sunil sharma
>> wrote:
>>> First thanx for reply
>>> Ok, if I stop it from PHP then anybody can view the
>>> directory structure by Perl or CGI, and if mod_jk is
>>> there then he can also read from JSP and class files
>>> also, so we have to stop it at the Apache level
>>>
>>> Is there any kind of setting in httpd.conf like
>>> proftpd.conf, where if you mention "DefaultRoot ~"
>>> like this then the user cannot go into others'
>>> directories? This is just the thought which I got
>>>
>>> Is this possible in Apache's case: if I mention
>>> DefaultRoot ~ like this, then no script can view
>>> others' directories
>>>
>>> so is it possible?
>>>
>>> thanx again
>>>
>>> --- Gilles Gros <gillesg@whitepj.com> wrote:
>>>> The problem is not apache, but PHP.
>>>>
>>>> Look into the safe mode of PHP.
>>>> Disabling some PHP functions should help you.
>>>>
>>>> Gilles
>>>>
>>>>> -----Original Message-----
>>>>> From: sunil sharma [mailto:apache_fan@yahoo.com]
>>>>> Sent: Tuesday, October 15, 2002 11:45 PM
>>>>> To: users@httpd.apache.org
>>>>> Subject: [users@httpd] Virtual Hosting security issues
>>>>>
>>>>> Hello Friend
>>>>>
>>>>> I am very worried about my virtual host security
>>>>> issues
>>>>>
>>>>> On my server there are near about 550 virtual hosts
>>>>> configured
>>>>>
>>>>> Following is the example of the virtual hosts setup
>>>>> on my server
>>>>>
>>>>> VirtualHost no 1 "test.com"
>>>>> #################################################################
>>>>> <VirtualHost 192.168.1.10>
>>>>>    ServerAdmin webmaster@test.com
>>>>>    DocumentRoot /home/test.com/htdocs
>>>>>    ServerName test.com
>>>>>    ServerAlias www.test.com
>>>>>    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
>>>>>    ErrorLog /home/test.com/logs/error_log
>>>>>    CustomLog /home/test.com/logs/access_log combined
>>>>> </VirtualHost>
>>>>> #################################################################
>>>>>
>>>>> VirtualHost No 2 "test1.com"
>>>>> #################################################################
>>>>> <VirtualHost 192.168.1.10>
>>>>>    ServerAdmin webmaster@test.com
>>>>>    DocumentRoot /home/test.com/htdocs
>>>>>    ServerName test.com
>>>>>    ServerAlias www.test.com
>>>>>    ScriptAlias /cgi-bin/ /home/test.com/cgi-bin/
>>>>>    ErrorLog /home/test.com/logs/error_log
>>>>>    CustomLog /home/test.com/logs/access_log combined
>>>>> </VirtualHost>
>>>>> #################################################################
>>>>>
>>>>> If I upload any PHP script with a file open function,
>>>>> suppose in test.com,
>>>>> I can read the content of test1.com though their
>>>>> user and group are different,
>>>>> and also I can view the whole directory structure of
>>>>> my server
>>>>>
>>>>> I tried by giving "DocumentRoot ~" like this
>>>>> but it is not working. I am finding the solution, but
>>>>> can anybody help me in this problem?
>>>>> So is there any way by which I can stop this?
>>>>> Can anybody help in this?
>>>>>
>>>>> Thanx in advance
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>> Kind regards,
>>
>> Multi-Graphics
>> Eelco Alosery
>> Koekoeksbloem 11
>> 8255 KH  Swifterbant
>> Tel : 0321-380014
>> Fax : 0321-843340
>> info@multi-graphics.nl
>> www.multi-graphics.nl


Kind regards,

Multi-Graphics
Eelco Alosery
Koekoeksbloem 11
8255 KH  Swifterbant
Tel : 0321-380014
Fax : 0321-843340
info@multi-graphics.nl
www.multi-graphics.nl
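
Added example (not part of the thread or of any poster's setup): a small audit of the layout discussed above, a www directory at 0711 holding uniquely named per-user directories. It reads mode bits only and assumes the script account is "other" (neither owner nor group) on these directories; the sample tree and the name my165dir are constructed for the demo.

```python
import os
import stat
import tempfile

def other_rights(path):
    """What an account that is neither owner nor group may do with a directory."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "list": bool(mode & stat.S_IROTH),      # r: read the names of entries
        "traverse": bool(mode & stat.S_IXOTH),  # x: open an entry whose name is known
    }

def audit(hosting_root):
    """Return (path, finding) pairs for the parent and each per-user directory."""
    findings = []
    parent = other_rights(hosting_root)
    if parent["list"]:
        findings.append((hosting_root, "other can enumerate per-user directory names"))
    for name in sorted(os.listdir(hosting_root)):
        sub = os.path.join(hosting_root, name)
        if not os.path.isdir(sub):
            continue
        rights = other_rights(sub)
        # With x on the parent, a known or guessed name is enough to get here.
        if parent["traverse"] and rights["list"] and rights["traverse"]:
            findings.append((sub, "contents open to other once the name is known"))
    return findings

def build_sample(base, parent_mode, user_mode):
    """Constructed sample tree: www/ with two uniquely named per-user dirs."""
    www = os.path.join(base, "www")
    os.mkdir(www)
    for name in ("my164dir", "my165dir"):   # my165dir is a made-up sibling
        path = os.path.join(www, name)
        os.mkdir(path)
        os.chmod(path, user_mode)
    os.chmod(www, parent_mode)
    return www

def demo():
    """Count findings for three layouts: open, 0711 parent only, 0711 plus 0750."""
    counts = {}
    for parent_mode, user_mode in ((0o755, 0o755), (0o711, 0o755), (0o711, 0o750)):
        with tempfile.TemporaryDirectory() as base:
            www = build_sample(base, parent_mode, user_mode)
            counts[(parent_mode, user_mode)] = len(audit(www))
    return counts

if __name__ == "__main__":
    for layout, n in demo().items():
        print("parent %o, user dirs %o: %d finding(s)" % (layout + (n,)))
```

The 0711 parent removes only the enumeration finding; the per-user directories still need their own restrictive modes, because the unique name is the only thing hiding them.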


