I will not put such a script on my server, but I'm afraid others will do it. The problem is, yes, I have a lot of users. And I can't read every file they use. I use suexec, but most of them run php and not perl or some other cgi-script. _____ Sent through Master Auchi Mail Systems http://www.masterauchi.com - powered by Linux -----Ursprüngliche Nachricht----- Von: Steffen Dettmer [mailto:steffen@dett.de] Gesendet: Donnerstag, 12. April 2001 11:09 An: Suse-Security Betreff: Re: [suse-security] Apache Problem * Matthias Auchmann wrote on Wed, Apr 11, 2001 at 23:16 +0200:
What's wrong with my apache ? From a skript like:
#!/usr/bin/perl
I can publish the whole system, every config file, ...
Yes, if you want to shot yourself in the foot, you can do this :)
I could start to make all of them NOT world readable, but isn't there another way ?
If you don't want the world to be able to read it, this is a possibility. Otherwise just don't put such a script on your server. If you don't want the world to read such files, don't allow this tool. If you have user on this server, you might want to disable CGI/... execution. BTW, for CGI you should use suExec. It's a pitty but suexec works not with PHP3/4 out of the box. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel. --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com