httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Watts <m.wa...@eris.qinetiq.com>
Subject Re: [users@httpd] Apache CGI security
Date Mon, 16 Jul 2007 12:31:21 GMT

> Hello Friends.
>
> I need tips to add more security in my Apache Server. Mainly with
> cgi-scripts,
> I use the suEXEC, but, with a cgi-script (perl), I obtain a list of the
> /etc/passwd.
>
> Example:
>
> #!/usr/bin/perl
>
> system("cat /etc/passwd");
>
>
>
> how to solve these problems?
>
> Thank's

chmod 700 /etc/passwd

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Trusted Information Management
Trusted Solutions and Services Group
GPG Key: http://keyserver.veridis.com:11371/search?q=0x455420ED

Mime
View raw message