On Saturday 09 February 2002 11:40 am, cbtrussell wrote:
> > might vary) could find more worrying. For instance that any FTP user can
> > wander outside his own directories and sniff around on almost the entire
> > machine. So there are no chrooted and sandboxed home directories and/or
> > services. Heck, even Bind-8 was running as user root for years, until a
>
> I was reading the docs for a shopping cart script the other day and it
> basically said if you encounter a host that allows you to browse other
> user's directories, you should "run, not walk, away - as fast as you can."
>
> Not a real issue for me because I don't have any users who maintain their
> sites themselves, but do you have an elegant solution to this problem?
> Every fix I've seen on the list has been rather scary....
>
> Brandon

That statement above is WRONG!!!
The RaQ (actually proftpd) jails the FTP user to his own directory tree.

--
Gerald Waugh
Registered Linux User 255245
Register at http://counter.li.org
