Re: Apache CGI security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Apache CGI security
From: "Carlos Eduardo Maiolino" <maiolinux@xxxxxxxxx>
Date: Mon, 16 Jul 2007 12:48:53 -0300
In-reply-to: <200707161331.25057.m.watts@xxxxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

Sorry but, it's wrong.

All users of the system need access in the /etc/passwd.

I won't cgi-scripts list the /etc/passwd

On 7/16/07, Mark Watts <m.watts@xxxxxxxxxxxxxxxx> wrote:

> Hello Friends.
>
> I need tips to add more security in my Apache Server. Mainly with
> cgi-scripts,
> I use the suEXEC, but, with a cgi-script (perl), I obtain a list of the
> /etc/passwd.
>
> Example:
>
> #!/usr/bin/perl
>
> system("cat /etc/passwd");
>
>
>
> how to solve these problems?
>
> Thank's

chmod 700 /etc/passwd

Mark.

--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Trusted Information Management
Trusted Solutions and Services Group
GPG Key: http://keyserver.veridis.com:11371/search?q=0x455420ED

Follow-Ups:
- Re: Apache CGI security
  - From: Joshua Slive

References:
- Apache CGI security
  - From: Carlos Eduardo Maiolino
- Re: Apache CGI security
  - From: Mark Watts

Prev by Date: RE: Apache Tomcat Load Balancing
Next by Date: Re: Apache CGI security
Previous by thread: Re: Apache CGI security
Next by thread: Re: Apache CGI security
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux