[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-security-audit
Subject:    Re: Local problem with Apache
From:       Maurycy Prodeus <z33d () eth-security ! net>
Date:       2000-11-08 22:28:19
[Download RAW message or body]

On Wed, 8 Nov 2000, Pavel Kankovsky wrote:
> > I think, they should warn us in httpd.conf, at least...
> 
> They warn us in the manual: see the section titled "Permissions on
> ServerRoot Directories" in "Security Tips for Server Configuration".

Sorry, I missed it. So ... another trap in
configurations ;> Conclusion is simple,
when you find a bug, look at documentation...
The first step of audit should be reading it. :)

"Real hackers" don't read documentation, but
raw sources :)
                     - z33d
-- 
 __--> http://z33d.eth-security.net/job.html :)

[prev in list] [next in list] [prev in thread] [next in thread]