[1080] in WWW Security List Archive
Re: Unix links subverting Web security
daemon@ATHENA.MIT.EDU (Jeffrey Russell Horner)
Thu Oct 26 18:37:48 1995
To: Thomas Maslen <tmaslen@verity.com>
cc: Steff Watkins <Steff.Watkins@Bristol.ac.uk>, www-security@ns2.rutgers.edu,
jhorner@cs.utk.edu
In-reply-to: Your message of "Thu, 26 Oct 1995 11:02:25 PDT."
<199510261802.LAA24129@fiji.verity.com>
Date: Thu, 26 Oct 1995 15:33:03 -0400
From: Jeffrey Russell Horner <jhorner@cs.utk.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
What can you glean from a passwd file?
Surely no one has cracked crypt()...
> Talking about symlinks is missing the point. The same user who did this:
>
> ln -s /etc/passwd test.doc
>
> could just as well have done this:
>
> cp /etc/passwd test.doc
>
> In fact, if I made /etc/passwd group-readable but not world-readable, and
> everything on the system *except* the HTTP daemon's pseudo-user (you _are_
> running it as a pseudo-user with minimal privileges, yes?) was a member of
> that group, then I might be able to prevent the symlink attack but I still
> couldn't prevent anyone doing the copy.
>
> Thomas Maslen
> tmaslen@verity.com My opinions, not Verity's
Jeffrey Russell Horner jhorner@cs.utk.edu
Backups & Lab Assistant, Computer Science Department
University of Tennessee, Knoxville
