
Re: NYT on Netscape Crack



> http://www.isp.com/company1/passwd   contains the passwd file for the
> http://www.isp.com/company1/   URL directory. Although it is convenient
> to store the passwd file within the hierarchy it is protecting, care
> must be taken to make it unreadable by normal HTTP requests. It's better 
> to put it in a configuration directory somewhere where no server
> has access to. (I've seen this mistake plenty of times)

	The server process itself still needs access to that file,
though, in order to verify passwords, so it can't be totally
protected -- a bug in the server might reveal the password file. A
relatively minor point.

> 
>   A barebones web server is a pretty simple piece of software compared
> to a browser (or sendmail), so it should be possible to make them
> much more secure.

	Right. The Netscape Commerce server, on the other hand, is by
no means a barebones webserver. It has a full-featured API which
allows dynamic loading of custom-written modules to handle every
aspect of web serving. Its configuration files, while not as
complex as sendmail config files, are rather complex. The server comes
with a "GUI administration tool", which allows you to configure the
server using netscape over HTTP to a special server, -running as
root-, which can modify configuration files, restart the server,
etc. (I am not sure if the administration server -must- run as root,
but that is how it has been configured in the installations I have
seen.)
	Even extremely good security programmers could probably not
write such a complex program without bugs, particularly on the
timescale for which you have commended Netscape. (Extremely good
ethical security programmers may not even be -willing- to write such a
complex program and declare it secure)
	There is actually an interesting parallel to sendmail in
webservers. Webservers have a very vital 'rewriting' phase, where they
turn the url (/~sameer for example) into a filename
(/u1/sameer/public_html/index.phtml). This phase is where it checks
ownership, checks symlinks, etc. I figure that section may be rife
with holes, given the incredibly powerful rewriting that the highly
flexible servers can do these days.

-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			[email protected]
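The rewriting phase the message describes (turning /~sameer into /u1/sameer/public_html/index.phtml, then checking what the result points at) is where user-controlled input meets the filesystem, so it is worth seeing what a careful version of that step looks like. The example below is added here and is not code from the message, from Netscape, or from any server mentioned; the layout (home directories under /u1, a public_html directory, index.phtml as the directory index), the user-name rule and the sample directory tree are all constructed assumptions. It separates the string-level rewrite (which must refuse ".." before normalisation, because normalising first hides the attempt) from the filesystem-level check (which follows symlinks and confirms the real target is still below the user's public directory).

```python
import os
import posixpath
import re
import tempfile
from urllib.parse import unquote

# Assumed layout (constructed for this example): /~user/ maps to
# <home_base>/<user>/public_html, and a directory URL serves index.phtml.
PUBLIC_DIR = "public_html"
INDEX_FILE = "index.phtml"
# Assumed user-name rule: lowercase Unix-style login names only.
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def url_to_candidate(url_path, home_base="/u1"):
    """String-level rewrite: '/~sameer/' -> '/u1/sameer/public_html/index.phtml'.
    Returns None when the request does not name a valid user directory or
    contains a component that would climb above the user's public directory."""
    path = unquote(url_path.split("?", 1)[0])   # strip query, decode %2e etc.
    if not path.startswith("/~"):
        return None
    user, _, rest = path[2:].partition("/")
    if not USER_RE.match(user):
        return None
    segments = [s for s in rest.split("/") if s not in ("", ".")]
    # Reject '..' BEFORE normalising: posixpath.normpath('/../x') quietly
    # collapses to '/x', which would hide a traversal attempt from the check.
    if ".." in segments:
        return None
    candidate = posixpath.join(home_base, user, PUBLIC_DIR, *segments)
    if rest == "" or rest.endswith("/"):
        candidate = posixpath.join(candidate, INDEX_FILE)
    return candidate


def resolve_within(candidate, allowed_root):
    """Filesystem-level check: follow every symlink in the candidate path and
    confirm the real target is still below allowed_root. Returns the real
    path, or None if a link (or anything else) leads outside the root."""
    real_root = os.path.realpath(allowed_root)
    real_target = os.path.realpath(candidate)
    if real_target == real_root or real_target.startswith(real_root + os.sep):
        return real_target
    return None


def rewrite(url_path, home_base="/u1"):
    """Whole rewrite phase. Returns (status, path) where status is 'ok',
    'forbidden' (traversal or symlink escape) or 'not_found'."""
    path = unquote(url_path.split("?", 1)[0])
    if not path.startswith("/~"):
        return "not_found", None          # not a user-directory URL at all
    candidate = url_to_candidate(url_path, home_base)
    if candidate is None:
        return "forbidden", None
    user = path[2:].partition("/")[0]
    allowed_root = posixpath.join(home_base, user, PUBLIC_DIR)
    if not os.path.isdir(allowed_root):
        return "not_found", None
    real = resolve_within(candidate, allowed_root)
    if real is None:
        return "forbidden", None          # symlink points outside public_html
    if not os.path.isfile(real):
        return "not_found", None
    return "ok", real


def build_fixture():
    """Constructed sample tree: one user whose public_html holds an index page,
    a docs/ subdirectory, and a symlink 'leak' pointing at a private file that
    lives outside public_html. Returns the temporary home_base."""
    base = tempfile.mkdtemp()
    pub = os.path.join(base, "sameer", PUBLIC_DIR)
    os.makedirs(os.path.join(pub, "docs"))
    with open(os.path.join(pub, INDEX_FILE), "w") as f:
        f.write("<html>hello</html>")
    with open(os.path.join(pub, "docs", INDEX_FILE), "w") as f:
        f.write("docs index")
    with open(os.path.join(base, "sameer", ".secret"), "w") as f:
        f.write("private")
    os.symlink(os.path.join(base, "sameer", ".secret"), os.path.join(pub, "leak"))
    return base


if __name__ == "__main__":
    home = build_fixture()
    for url in ("/~sameer/", "/~sameer/docs/", "/~sameer/leak",
                "/~sameer/../../etc/passwd", "/~sameer/%2e%2e/x", "/~nobody/"):
        print(url, "->", rewrite(url, home))
```

The two-stage split matters: the string check alone cannot see symlinks, and the realpath check alone cannot tell a deliberate ".." from a legitimate path once normalisation has run. A server that merges the two, or runs them in the other order, is exactly the kind of code the message expects to be "rife with holes".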