Todd Kirk wrote: > Another point I should mention...no customer on this RAQ4R has shell > access, some with FTP but they are only able to see from > home/sites/www.domain.com/web on down
With a cgi-script they can see everything on the box. Group and world readable shadow* scripts are as dangerous as systems without shadow passwords enabled. Jeff -- Jeff Lasman <[EMAIL PROTECTED]> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
