
Unix links subverting Web security



Hello all,

  Forgive me if this is an 'FAQ' type of question.

Using the CERN/3.0 WebServer (I haven't tried it with NCSA yet), I noticed
the following.

I logged in as myself (in normal user mode), changed to the 'USER_DIR' of my
account and then did the following:

    ln -s /etc/passwd test.doc

I then called this file across the network from another machine (albeit
within the .bris.ac.uk domain) using Netscape and the simple user-specific
URL of '~ccsw/test.doc'.

What I got back was a nicely pre-formatted copy of my '/etc/passwd' file.

Now, some of our systems DON'T use shadow passwords (not my fault,
honest!).. and that meant that not only did I get a list of all the
usernames, but also the passwords associated with them.

Now, knowing of the strengths of Crack and such like, and the dumb things
our local users do, this constitutes a potential security hole.

So, the question is:

  Is there a standard way of stopping this, by configuration or some other
means at source, that is the WebServer itself? Or, do I have to ritually
scan my filesystem for links to potentially dangerous systems files and
delete them??

Steff

: University of Bristol                            Steff.Watkins@bris.ac.uk
: URL: http://sw.cse.bris.ac.uk/  <= As mentioned in Wired 1.04+
: Making a fire so big the gods will notice me again!!!
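
The filesystem scan the question mentions, as an added example that is not part of the original post: it reports every symbolic link under a user's web directory whose resolved target lies outside that directory. The function names, the `public_html` directory name and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile


def find_escaping_symlinks(user_dir):
    """Return sorted (link_path, resolved_target) pairs for every symlink
    under user_dir whose fully resolved target lies outside user_dir."""
    root = os.path.realpath(user_dir)
    findings = []
    # os.walk does not follow symlinked directories by default, so the
    # walk itself cannot be led outside the tree being audited.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # resolves chained links too
            # commonpath avoids the "/home/ab" vs "/home/abc" prefix mistake.
            if os.path.commonpath([root, target]) != root:
                findings.append((path, target))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: a stand-in system file and a user web directory."""
    base = os.path.realpath(tempfile.mkdtemp())
    secret = os.path.join(base, "etc_passwd_standin")
    with open(secret, "w") as fh:
        fh.write("constructed sample, not a real passwd file\n")
    web = os.path.join(base, "public_html")  # assumed directory name
    os.makedirs(os.path.join(web, "docs"))
    index = os.path.join(web, "index.html")
    with open(index, "w") as fh:
        fh.write("<p>hello</p>\n")
    # Points straight out of the tree, as in the post.
    os.symlink(secret, os.path.join(web, "test.doc"))
    # Stays inside the tree: not reported.
    os.symlink(index, os.path.join(web, "docs", "home.html"))
    # Looks local, but chains to the escaping link: reported.
    os.symlink(os.path.join(web, "test.doc"),
               os.path.join(web, "docs", "chained.doc"))
    return web, secret


if __name__ == "__main__":
    web_dir, _ = build_sample_tree()
    for link, target in find_escaping_symlinks(web_dir):
        print(f"{link} -> {target}")
```

A scan like this is a point-in-time audit: a link created after it runs is not seen until the next pass.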


