11 Apr
2001
11 Apr
'01
21:16
Hi all ! I hope this is the right list to discuss this, but I think it's a real security problem: What's wrong with my apache ? From a skript like: #!/usr/bin/perl print "Content-Type: text/html\n\n"; open HUGO, "/etc/httpd/httpd.conf"; while ($a = <HUGO>) { print $a; } or <?php if (!$i) $i = "/etc/passwd"; readfile($i); print $i; ?> I can publish the whole system, every config file, firewall-rules that are world-readable ... everything. and lots of files are, by default, world-readable ... I could start to make all of them NOT world readable, but isn't there another way ? Any hints ? thnx ... _____ Sent through Master Auchi Mail Systems http://www.masterauchi.com - powered by Linux -