Hi Brandon,

> I was reading the docs for a shopping cart script the other day and it
> basically said if you encounter a host that allows you to browse other
> users' directories, you should "run, not walk, away - as fast as you can."

Yes, that's a good suggestion. :o)

> do you have an elegant solution to this problem?

Only the theoretical model behind one such fix:

Block NFS to the outside world. Then export the users' directories by NFS and mount them in a chrooted jail along with its own /tmp, its own loopback device, its own /usr/local/bin, /usr/bin and whatever else the user needs and whatever we can safely grant him. Once logged in (by SSH or FTP) he can only see his own stuff and whatever else is put into his chrooted jail.

Some pretty safe Linux distributions use this kind of approach, like Rocklinux or Kaladix.

--
With best regards,

Michael Stauber
[EMAIL PROTECTED]
Unix/Linux Support Engineer

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
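A quick check for the condition discussed in this thread (home directories that other accounts on the same host can browse), as an added example that is not part of the original messages. The function names, the `group` option and the sample layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list home directories that other
# local accounts can browse. The directory layout is an assumption.

# mode_of PATH -> octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# browsable_homes BASE [group]
# Prints "MODE PATH" for every directory directly under BASE whose "other"
# bits grant read or search. With "group" as the second argument the group
# bits count too, for hosts where all customers share one group.
browsable_homes() {
    base=$1
    mask=5
    if [ "${2:-}" = group ]; then mask=55; fi
    for dir in "$base"/*/; do
        dir=${dir%/}
        # Skip unmatched globs and symlinks; only real directories count.
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then continue; fi
        mode=$(mode_of "$dir") || continue
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
        fi
    done
}

# Constructed sample layout so the script runs without touching real homes.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/alice" "$tmp/bob" "$tmp/carol"
    chmod 700 "$tmp/alice"   # private
    chmod 755 "$tmp/bob"     # anyone can list and enter
    chmod 750 "$tmp/carol"   # group members can list and enter
    browsable_homes "$tmp" group
    rm -rf "$tmp"
}
demo
```

On a real host, call `browsable_homes` with the directory that holds the user homes; an empty result means no home directory under it is open to other accounts at the permission-bit level.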
