[1078] in WWW Security List Archive
Re: Unix links subverting Web security
daemon@ATHENA.MIT.EDU (Thomas Maslen)
Thu Oct 26 17:40:20 1995
To: Steff Watkins <Steff.Watkins@Bristol.ac.uk>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: Your message of "Thu, 26 Oct 1995 16:31:21 -0000."
<9510261631.AA06763@sun.cse.bris.ac.uk>
Date: Thu, 26 Oct 1995 11:02:25 -0700
From: Thomas Maslen <tmaslen@verity.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Talking about symlinks is missing the point. The same user who did this:
ln -s /etc/passwd test.doc
could just as well have done this:
cp /etc/passwd test.doc
In fact, if I made /etc/passwd group-readable but not world-readable, and
everything on the system *except* the HTTP daemon's pseudo-user (you _are_
running it as a pseudo-user with minimal privileges, yes?) was a member of
that group, then I might be able to prevent the symlink attack but I still
couldn't prevent anyone doing the copy.
Thomas Maslen
tmaslen@verity.com My opinions, not Verity's
