[1077] in WWW Security List Archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Unix links subverting Web security

daemon@ATHENA.MIT.EDU (smb@research.att.com)
Thu Oct 26 17:00:34 1995

From: smb@research.att.com
To: Steff Watkins <Steff.Watkins@Bristol.ac.uk>
cc: www-security@ns2.rutgers.edu
Date: Thu, 26 Oct 95 13:42:07 EDT
Errors-To: owner-www-security@ns2.rutgers.edu

	 Is there a standard way of stopping this, by configuration or
	 some other means at source, that is the WebServer itself?

Run the Web server in a chroot'ed partition.

Of course, that won't stop someone from copying /etc/passwd to their
own area -- you can make something foolproof, but not damnfoolproof.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[1077] in WWW Security List Archive

Re: Unix links subverting Web security

daemon@ATHENA.MIT.EDU (smb@research.att.com)Thu Oct 26 17:00:34 1995

daemon@ATHENA.MIT.EDU (smb@research.att.com)
Thu Oct 26 17:00:34 1995