Just wondering why I'm able to create a cgi script that can browse the any of the files in the chroot environment?? Below are the settings I'm using for the server. The document root for the test website is owned by user other than the LSWS.
(Server) Enable chroot Yes
(VH) CGI Set UID Mode DocRoot UID
(VH) CGI Chroot Mode Same as Server
Context /cgi-bin/ is set as follows
Allow Set UID N/A
Why can I browse files in other directories? I should be locked into my doc root..
I think it is a unix account security issue.
A private group should be created for each user, the root directory of each user should be owned by the user and the private group, perission should be 0750 or 0770. then only this user can read his own directory.
The user that web server running as should be member of the private groups of those users, so the web server can read all files.
Then a set-uid CGI script will not able to peak files of another user. :-)
But why can I browse files outside the chroot for LSWS. For example have a simple cgi script that can 'cat' the /etc/passwd file. The file has the following attributes
rw-r--r-- 1 root root 242 Dec 22 15:00 passwd
I'm guessing this is because the it's world readable. Still, bothers me that people within a shared environment can browse these types of files. Do they really need to be world readable??? Is there anyway to prevent it?
Are you sure it is /etc/passwd out side the jail, not the /chroot/etc/passwd? If it is, then it is a bug means that the CGI has not been chroot properly.
As some application need to read /etc/passwd to work properly, so I don't recommend making it not world readable, you can fake a passwd file in the jail. Information in /etc/passwd is not very sensitive to me. :-)
I'm referring to the passwd file located within the jail /chroot/etc/passwd. Take for example a very simple script as shown below.
|All times are GMT -7. The time now is 07:45 PM.|