[1083] in WWW Security List Archive
Re: Unix links subverting Web security
daemon@ATHENA.MIT.EDU (Chris Garrigues)
Thu Oct 26 23:10:40 1995
Date: Thu, 26 Oct 1995 19:16:41 -0500
To: Steff Watkins <Steff.Watkins@Bristol.ac.uk>
From: cwg@DeepEddy.Com (Chris Garrigues)
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
At 11:31 AM 10/26/95, Steff Watkins wrote:
> Hello all,
>
> forgive me if this is an 'FAQ' type of question.
>
> Using the CERN/3.0 WebServer (I haven't tried it with NCSA yet), I noticed
> the following.
>
> I logged in as myself (in normal user mode), changed to the 'USER_DIR' of my
> account and then did the following:
>
> ln -s /etc/passwd test.doc
It just occurred to me that if you're going to troll for these, you ought to
look under the name ".htaccess".
At first I thought, "why would a user do something that stupid." Then I
thought of a reason someone might. ~sigh~
Chris
Chris Garrigues cwg@DeepEddy.Com
Deep Eddy Internet Consulting +1 512 432 4046
609 Deep Eddy Avenue
Austin, TX 78703-4513 USA http://www.DeepEddy.Com/~cwg/
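
An added example, not part of the original message: an administrator-side audit that walks a user's web directory and reports every symbolic link, like the `test.doc` link in the quoted question, whose target resolves outside that directory. The function names, the `public_html` directory name and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile


def escaping_symlinks(web_root):
    """Return sorted (link, resolved_target) pairs for every symlink under
    web_root whose target resolves to a path outside web_root."""
    root = os.path.realpath(web_root)
    findings = []
    # os.walk does not descend into symlinked directories by default;
    # they appear in dirnames, so both lists are checked.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)  # follows chains of links
            if os.path.commonpath([root, target]) != root:
                findings.append((link, target))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample data: a user web directory holding one link that
    stays inside the tree and one that points out of it."""
    web = os.path.join(base, "public_html")   # assumed directory name
    outside = os.path.join(base, "outside")
    os.makedirs(web)
    os.makedirs(outside)
    secret = os.path.join(outside, "secret.txt")
    for path in (secret, os.path.join(web, "index.html")):
        with open(path, "w") as fh:
            fh.write("sample\n")
    os.symlink("index.html", os.path.join(web, "home.html"))  # in-tree
    os.symlink(secret, os.path.join(web, "test.doc"))         # escapes
    return web, secret


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        web, _ = build_sample_tree(tmp)
        for link, target in escaping_symlinks(web):
            print(f"{link} -> {target}")
```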