|
ru.unix
- RU.UNIX ----------------------------------------------------------------------
From : Strange Alex 2:5000/104.51 13 Jun 2002 12:40:06
To : Sergey Novak
Subject : security
--------------------------------------------------------------------------------
12 Jun 02 21:08, you wrote to andrew noga:
SN> Проблема в том, что запущенная CGI видит все каталоги и я
SN> могу сделать на перле примерно такой трюк:
SN>
SN> $hack = `cat /home/andrew/public_html/config-file-with-passwords`;
user: andrew group: hoster
user: another group: hoster
...
chown andrew.hoster /home/andrew
chmod 0705 /home/andrew
и никто из группы hoster ничего подсмотреть не сможет.
apache же в этом случае будет как other и все прочитает.
все скрипты в suexec. для php пользуешь safe mode.
минус конечно есть - всем кому не доверяем должны иметь группу hoster.
SN> $hack = `cat /etc/passwd`;
А в этом то что плохого ?
А если совсем паранойя замучила - смотри на jail(8).
WBR, Strange Alex
...STRANGE-RIPN, RSA16-RIPE, UIN: 8397628, E-mail: strange@unicon.ru
... Гвозди бы делать из этих ежей...
--- GoldED+/BSD 1.1.5
* Origin: Novosibirsk, Russia (2:5000/104.51)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
security |
Sergey Novak |
09 Jun 2002 19:54:54 |
 Re: security |
Andrew Noga |
12 Jun 2002 10:56:04 |
  security |
Sergey Novak |
12 Jun 2002 21:08:00 |
 security |
Strange Alex |
13 Jun 2002 12:40:06 |
|
security |
Serge V. Svetoff |
13 Jun 2002 10:22:42 |
|
security |
Oleg Derevenetz |
13 Jun 2002 12:34:50 |
|
Re: security |
Alexander Titaev |
13 Jun 2002 18:40:53 |
 security |
Oleg Derevenetz |
13 Jun 2002 19:11:42 |
|
Re: security |
Lev Walkin |
14 Jun 2002 00:27:51 |
|
Re: security |
Victor Wagner |
14 Jun 2002 02:03:15 |
|
Re: security |
Lev Walkin |
14 Jun 2002 02:29:46 |
 Re: security |
Victor Wagner |
14 Jun 2002 09:48:28 |
|
Re: security |
Valentin Davydov |
14 Jun 2002 19:29:44 |
|
security |
Oleg Derevenetz |
14 Jun 2002 09:10:22 |
|
Re: security |
Alexander Titaev |
14 Jun 2002 10:21:52 |
|
security |
Oleg Derevenetz |
14 Jun 2002 09:03:12 |
|
security |
pavel kurnosoff |
15 Jun 2002 01:40:24 |
|
security |
Oleg Derevenetz |
17 Jun 2002 10:15:38 |
|
security |
pavel kurnosoff |
19 Jun 2002 00:12:48 |
|
security |
Oleg Derevenetz |
19 Jun 2002 10:16:34 |
|
security |
Dmitry Afanasiev |
16 Jun 2002 21:42:18 |
|
security |
Oleg Derevenetz |
17 Jun 2002 10:17:14 |
|
security |
Dmitry Afanasiev |
18 Jun 2002 00:42:41 |
|
security |
Serge V. Svetoff |
13 Jun 2002 13:54:12 |
|
security |
Oleg Derevenetz |
13 Jun 2002 19:21:23 |
|
security |
Sergey Novak |
14 Jun 2002 00:31:32 |
|
Re: security |
Vasily Korytov |
15 Jun 2002 02:29:21 |
|
Re: security |
Viktor Remennik |
15 Jun 2002 01:22:44 |
|
Re: security |
Eugene Grosbein |
15 Jun 2002 09:56:27 |
|
security |
Sergey Novak |
15 Jun 2002 12:04:31 |
|
security |
Alexander Botarjev |
18 Jun 2002 10:14:58 |
|
Re: security |
Eugene Grosbein |
12 Jun 2002 16:06:13 |
|
security |
Sergey Novak |
12 Jun 2002 21:11:50 |
|
Re: security |
Eugene Grosbein |
13 Jun 2002 14:02:54 |
|
security |
Sergey Novak |
17 Jun 2002 07:15:16 |
|
Re: security |
Spartak Radchenko |
12 Jun 2002 13:03:38 |
|
Re: security |
Eugene B. Berdnikov |
12 Jun 2002 13:03:38 |
|
Re: security |
Slava Astashonok |
12 Jun 2002 14:33:41 |
|
Re: security |
Eugeny A. Krestnikoff |
13 Jun 2002 08:51:36 |
|
Re: security |
Slava Astashonok |
13 Jun 2002 13:30:39 |
|
security |
pavel kurnosoff |
14 Jun 2002 01:58:14 |
|
security |
Slawa Olhovchenkov |
14 Jun 2002 11:38:32 |
|
Re: security |
Ilya Anfimov |
14 Jun 2002 13:23:38 |
|
security |
Oleg Derevenetz |
14 Jun 2002 13:48:03 |
|
security |
Slawa Olhovchenkov |
14 Jun 2002 14:58:42 |
|
security |
pavel kurnosoff |
15 Jun 2002 01:28:54 |
|
security |
Slawa Olhovchenkov |
15 Jun 2002 11:15:52 |
|
security |
pavel kurnosoff |
16 Jun 2002 02:02:48 |
|
security |
Sergey Novak |
17 Jun 2002 07:10:47 |
|
|
