>>>>> "William" == William Jensen <jensenb@charter.net> writes:
William> On Wed, 30 Aug 2000, Leszek Gerwatowski wrote:
>> Just read it and tell me what you think about it.
William> I think it has some valid points. He brings up issues
William> that make sense and should have been taken care of a long
William> time ago (eg: [...] default homedir perms

The default homedir perms are ok the way they are. "Everyone (on the
system) can read everything" is good old UNIX tradition.

If you have something sensible, you *have* to *think* about its safety
*yourself*. chmod it, or better yet, encrypt it.

Oh, and you'll notice the "If something like a Web-based cgi is setup
improperly, the attacker would be able to view *any* user's files."

Yeah, if your cgi is misconfigured, you might have even bigger
problems than just "an attacker can view user's files" (not root's,
BTW... and, as mentioned, not files of users who have even half a
clue).

Bye, J

PS: The apology Kurt's put up is nice, I have to say.

--
Jürgen A. Erhard juergen.erhard@gmx.net phone: (GERMANY) 0721 27326
MARS: http://members.tripod.com/Juergen_Erhard/mars_index.html
Give a man fire and he will be warm for a day.
Set a man on fire and he will be warm for the rest of his life.
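
The home directory permissions discussed in this message, as an added example that is not part of the original e-mail: a Python audit that lists which files under a home directory the "other" class can actually read, and shows the effect of a per-file chmod versus `chmod 700` on the home itself. The function names and the sample tree are constructed for illustration; the check looks only at classic mode bits (no ACLs) and assumes the directories above the home are traversable.

```python
import os
import stat
import tempfile


def _mode(path):
    return os.lstat(path).st_mode  # lstat: do not follow symlinks


def exposed_files(home):
    """Return files under `home` that users in the 'other' class can read.

    A file is exposed only if it carries o+r AND every directory on the
    way down from `home` carries o+x (search permission).
    """
    if not _mode(home) & stat.S_IXOTH:
        return []  # a 0700 or 0750 home shields everything below it
    found = []
    for dirpath, dirnames, filenames in os.walk(home):
        # Prune directories 'other' cannot traverse; os.walk then skips them.
        dirnames[:] = [d for d in dirnames
                       if _mode(os.path.join(dirpath, d)) & stat.S_IXOTH]
        for name in filenames:
            mode = _mode(os.path.join(dirpath, name))
            if stat.S_ISREG(mode) and mode & stat.S_IROTH:
                found.append(os.path.relpath(os.path.join(dirpath, name), home))
    return sorted(found)


def make_private(path):
    """Drop all group/other bits, the per-file 'chmod go-rwx'."""
    os.chmod(path, stat.S_IMODE(_mode(path)) & ~(stat.S_IRWXG | stat.S_IRWXO))


def build_sample_home():
    """Constructed sample tree: 0755 home, one 0700 subdirectory."""
    home = tempfile.mkdtemp(prefix="home-demo-")
    os.chmod(home, 0o755)
    os.mkdir(os.path.join(home, "private"))
    for rel in ("notes.txt", "mail.mbox", os.path.join("private", "key.txt")):
        with open(os.path.join(home, rel), "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(os.path.join(home, rel), 0o644)
    os.chmod(os.path.join(home, "private"), 0o700)
    return home


if __name__ == "__main__":
    home = build_sample_home()
    print("exposed by default:", exposed_files(home))
    make_private(os.path.join(home, "mail.mbox"))
    print("after chmod of mail.mbox:", exposed_files(home))
    os.chmod(home, 0o700)
    print("after chmod 700 on home:", exposed_files(home))
```

The file `private/key.txt` keeps mode 0644 throughout and is never reported, because the 0700 directory above it denies search permission to everyone but the owner.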