httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carlos Eduardo Maiolino" <maioli...@gmail.com>
Subject Re: [users@httpd] Apache CGI security
Date Mon, 16 Jul 2007 15:48:53 GMT
Sorry but, it's wrong.

All users of the system need access in the /etc/passwd.

I won't cgi-scripts list the /etc/passwd



On 7/16/07, Mark Watts <m.watts@eris.qinetiq.com> wrote:
>
>
> > Hello Friends.
> >
> > I need tips to add more security in my Apache Server. Mainly with
> > cgi-scripts,
> > I use the suEXEC, but, with a cgi-script (perl), I obtain a list of the
> > /etc/passwd.
> >
> > Example:
> >
> > #!/usr/bin/perl
> >
> > system("cat /etc/passwd");
> >
> >
> >
> > how to solve these problems?
> >
> > Thank's
>
> chmod 700 /etc/passwd
>
> Mark.
>
> --
> Mark Watts BSc RHCE MBCS
> Senior Systems Engineer
> QinetiQ Trusted Information Management
> Trusted Solutions and Services Group
> GPG Key: http://keyserver.veridis.com:11371/search?q=0x455420ED
>
>

Mime
View raw message