On 7/16/07, Carlos Eduardo Maiolino <[EMAIL PROTECTED]> wrote:
Sorry but, it's wrong.
All users of the system need access in the /etc/passwd.
I won't cgi-scripts list the /etc/passwd
There are some solutions that involve chrooting, SELinux, or similar
restrictions layered on top of basic unix
Sorry but, it's wrong.
All users of the system need access in the /etc/passwd.
I won't cgi-scripts list the /etc/passwd
On 7/16/07, Mark Watts <[EMAIL PROTECTED]> wrote:
> Hello Friends.
>
> I need tips to add more security in my Apache Server. Mainly with
> cgi-scripts,
> I use the suEXEC
y the GETs work fine. Is this something that is
intuitive to someone out there?
Jeff
From: Carlos Eduardo Maiolino [mailto:[EMAIL PROTECTED]
Sent: Monday, July 16, 2007 5:25 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Apache CGI security
Hello Friends.
I need tips to
> Hello Friends.
>
> I need tips to add more security in my Apache Server. Mainly with
> cgi-scripts,
> I use the suEXEC, but, with a cgi-script (perl), I obtain a list of the
> /etc/passwd.
>
> Example:
>
> #!/usr/bin/perl
>
> system("cat /etc/passwd");
>
>
>
> how to solve these problems?
>
> Th
Hello Friends.
I need tips to add more security in my Apache Server. Mainly with
cgi-scripts,
I use the suEXEC, but, with a cgi-script (perl), I obtain a list of the
/etc/passwd.
Example:
#!/usr/bin/perl
system("cat /etc/passwd");
how to solve these problems?
Thank's
