> might vary) could find more worrying. For instance that any FTP user can > wander outside his own directories and sniff around on almost the entire > machine. So there are no chrooted and sandboxed home directories and/or > services. Heck, even Bind-8 was running as user root for years, until a long
Michael, I was reading the docs for a shopping cart script the other day and it basically said if you encounter a host that allows you to browse other user's directories, you should "run, not walk, away - as fast as you can." Not a real issue for me because I don't have any users who maintain their sites themselves, but do you have an elegant solution to this problem? Every fix I've seen on the list has been rather scary.... Brandon _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
