>>>>> "Martin" == Martin J Hargreaves <ch11mh@surrey.ac.uk> writes: Martin> I don't think this has been brought up on bugtraq yet, if it Martin> has sorry. This is from Linux-security, posted by "Mr Pink Martin> (vince@dallas.demon.co.uk) apologies to Mr. Pink for my instant Martin> repost. Martin> On Sun, 16 Apr 1995, Mr Pink wrote: >> It allows you to create a directory in a users home dir that can be >> accessed via mosaic/netscape. well the bad bit of news is, if you sym >> link this dir to root (/), file ownership becomes non existent. >> >> i was easily able to read the shadow passwd file! The easy fix is to run the daemon as nobody (which is what I do). chroot'ing will also take care of this sort of problem. -- Carson Gaspar -- carson@cs.columbia.edu carson@lehman.com <This is the boring business .sig - no outre sayings here>