Hi Barbara,

> Luckily I don't allow shell access so those files
> can't be viewed.

Good for you, but maybe not enough. If you run PHP in its default mode, any file readable by the apache user is readable by a PHP script. Then, it *is* a (severe) security issue!

On a few of my systems, I checked /etc/shadow* just to be sure and all permissions are 400, owned by root. This definitely needs fixing. 644 on /etc/shadow* is a Bad Thing (TM)!

Good luck all...

Nico

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
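
The permission check described in the message above (mode 400, owned by root, on /etc/shadow*), written out as an added example that is not part of the original message. It assumes GNU stat on Linux; the function names and the SHADOW_OWNER_UID variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes GNU stat (Linux).

# check_secret_file FILE [OWNER_UID]
# Prints a verdict line. Returns 0 if the file is acceptable,
# 1 if it is exposed, 2 if it cannot be examined.
check_secret_file() {
    csf_file=$1
    csf_want=${2:-0}                          # expected owner uid, root by default
    csf_info=$(stat -c '%a %u' -- "$csf_file" 2>/dev/null) || {
        echo "SKIP  $csf_file (cannot stat)"; return 2; }
    csf_mode=${csf_info% *}
    csf_uid=${csf_info#* }
    csf_other=$(( 0$csf_mode & 07 ))          # permission bits for everyone else
    csf_group=$(( (0$csf_mode >> 3) & 07 ))   # permission bits for the group

    if [ "$csf_uid" != "$csf_want" ]; then
        echo "FAIL  $csf_file mode=$csf_mode owner uid $csf_uid, expected $csf_want"
        return 1
    fi
    if [ "$csf_other" -ne 0 ]; then
        # e.g. 644: the web server user, and so any PHP script, can read it
        echo "FAIL  $csf_file mode=$csf_mode grants access to all users"
        return 1
    fi
    if [ "$csf_group" -ne 0 ]; then
        # Only a problem if the web server user is in the file's group.
        echo "WARN  $csf_file mode=$csf_mode grants access to its group"
        return 0
    fi
    echo "OK    $csf_file mode=$csf_mode"
    return 0
}

# audit_shadow_files [FILE...]
# Checks each file (default: /etc/shadow*) against SHADOW_OWNER_UID
# (default 0). Returns 1 if any file is not acceptable.
audit_shadow_files() {
    [ "$#" -gt 0 ] || set -- /etc/shadow*
    asf_rc=0
    for asf_f in "$@"; do
        check_secret_file "$asf_f" "${SHADOW_OWNER_UID:-0}" || asf_rc=1
    done
    return "$asf_rc"
}
```

Run `audit_shadow_files` as root with no arguments to check /etc/shadow* on the local system.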
