
Re: List of bugs that *must* be fixed before releasing Slink



On Sun, Jan 31, 1999 at 10:10:25PM -0500, Brian White wrote:
> I understand.  My point, however, was that anyone who exports those things
> on purpose could just as easily copy the file, ftp it, email it, or
> whatever.  Plugging a hole in the side of a boat doesn't help when the
> boat has no bottom.

No, the mod_roaming directory is 0750 and is owned by www-data.www-data.
You _can't_ get to it without this method. Also I have several
databases that are only accessible to the server with mode 640, and I
know that .htpasswd files in the main web directory should also only be
accessible with similar modes. These are protected files, and the admin
expects other things to honor these modes. Without the suggested fix,
it leaves the system vulnerable, and the admin has a false sense of
security with his web server.

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation

