Re: disabling file:///home/user viewing in apache on fc3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: disabling file:///home/user viewing in apache on fc3
From: Paul Howarth <paul@xxxxxxxxxxxx>
Date: Wed, 10 Aug 2005 12:59:45 +0100
In-reply-to: <[email protected]>
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.6-1.1.fc4 (X11/20050720)

Ankush Grover wrote:

the permissions on user's home directory r normally 700 or 770 .But i
was able to view the contents of the home directories of any user
including root user home directory from the browser.I tried this with
about 5 users and those users don't have any root privileges they r
just normal users but they were able to read the contents of root and
other user's home directory and that indeed is a security breach.


I can't reproduce this here (fc4).

Putting "file:///root/" in the firefox address bar does nothing.

Putting "file:///my/home/directory/" browses to my directory.

Can you browse other directories (e.g. /root) using nautilus?

What's the output of "ls -ld / /root"?

None of this is anything to do with apache btw - file:// URLs arehandled directly by the browser and aren't sent to a server.


Paul.

Follow-Ups:
- Re: disabling file:///home/user viewing in apache on fc3
  - From: John Pierce

References:
- disabling file:///home/user viewing in apache on fc3
  - From: Ankush Grover
- Re: disabling file:///home/user viewing in apache on fc3
  - From: Paul Howarth
- Re: disabling file:///home/user viewing in apache on fc3
  - From: Ankush Grover
- Re: disabling file:///home/user viewing in apache on fc3
  - From: Paul Howarth
- Re: disabling file:///home/user viewing in apache on fc3
  - From: Ankush Grover

Prev by Date: yum update: RH package not signed
Next by Date: Re: fc4 and urls
Previous by thread: Re: disabling file:///home/user viewing in apache on fc3
Next by thread: Re: disabling file:///home/user viewing in apache on fc3
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]