Re: Unix links subverting Web security

• To: Thomas Maslen <tmaslen@verity.com>
• Subject: Re: Unix links subverting Web security
• From: Jeffrey Russell Horner <jhorner@cs.utk.edu>
• Date: Thu, 26 Oct 1995 15:33:03 -0400
• cc: Steff Watkins <Steff.Watkins@Bristol.ac.uk>, www-security@ns2.rutgers.edu, jhorner@cs.utk.edu
• In-reply-to: Your message of "Thu, 26 Oct 1995 11:02:25 PDT." <199510261802.LAA24129@fiji.verity.com>

What can you glean from a passwd file?

Surely no one has cracked crypt()...

> Talking about symlinks is missing the point.  The same user who did this:
> 
>     ln -s /etc/passwd test.doc
> 
> could just as well have done this:
> 
>     cp /etc/passwd test.doc
> 
> In fact, if I made /etc/passwd group-readable but not world-readable, and
> everything on the system *except* the HTTP daemon's pseudo-user (you _are_
> running it as a pseudo-user with minimal privileges, yes?) was a member of 
> that group, then I might be able to prevent the symlink attack but I still
> couldn't prevent anyone doing the copy.
> 
> Thomas Maslen
> tmaslen@verity.com				My opinions, not Verity's
 Jeffrey Russell Horner   jhorner@cs.utk.edu
 Backups & Lab Assistant, Computer Science Department
 University of Tennessee, Knoxville

• Re: Unix links subverting Web security
• From: (John Sechrest) <sechrest@cs.orst.edu>
• Re: Unix links subverting Web security
• From: "Ong Guan Sin" <cceonggs@leonis.nus.sg>
• Re: Unix links subverting Web security
• From: Julian Anderson <Julian.Anderson@Comp.VUW.AC.NZ>
• Re: Unix links subverting Web security
• From: mogens@Mjosa.Stanford.edu (Christian Mogensen)

• Re: Unix links subverting Web security
• From: Thomas Maslen <tmaslen@verity.com>

• Previous: Re: Novell Hacking Question
• Next: Re: Unix links subverting Web security
• Index(es):
  • Index
  • Thread