From what I understand, /etc/passwd has to be world readable. If I'm wrong, correct me please. If it's world readable, anyone can read it unless you use a chroot or use OS containers like OpenVZ (they'd still see the file, but it just wouldn't be the whole server's file).

Dusty

On Sun, Oct 5, 2008 at 1:27 PM, Rico Secada <[EMAIL PROTECTED]> wrote:
> Hi.
>
> I have a webserver running with a couple of users as virtual hosts in
> Apache.
>
> I read this article from IBM
> http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html
> (look for "Guard your filesystem") and tested the PHP script on an Etch
> installation, and the script serves files such as /etc/passwd and
> others.
>
> What is the best and correct way to protect the server from users who
> might upload such a script on their web directory?
>
> I don't want to run Apache in a chroot.
>
> Best regards.
>
> Rico
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

