But why can I browse files outside the chroot for LSWS. For example have a simple cgi script that can 'cat' the /etc/passwd file. The file has the following attributes
rw-r--r-- 1 root root 242 Dec 22 15:00 passwd
I'm guessing this is because the it's world readable. Still, bothers me that people within a shared environment can browse these types of files. Do they really need to be world readable??? Is there anyway to prevent it?