
Re: NYT on Netscape Crack
> 
> > 
> >   I doubt this in the case of the browser. At least as far as the
> > parsing is concerned. There may be a buffer overflow for example,
> 
> 	Buffer overflow seems like a much greater concern when dealing
> with a server. Particularly one which is supposedly "secure", and
> accessing "secured" documents. Even with the server running as
> 'nobody' if someone can implement buffer overflow to get access to
> documents they shouldn't then that would count as a pretty significant
> hack.

   Right. Some other common ones are ".." and shell meta characters
in paths. Also, accessing files that you don't have permissions
to. Even if the server is perfect, the setup could be bad. For
instance, if you use CERN's Authentication scheme for protecting
URL hierarchies, do not put the passwd/group file within the
hierarchy. I've noticed this before on some servers, like

http://www.isp.com/company1/passwd   contains the passwd file for the
http://www.isp.com/company1/   URL directory. Although it is convenient
to store the passwd file within the hierarchy it is protecting, care
must be taken to make it unreadable by normal HTTP requests. It's better
to put it in a configuration directory that no server has access to.
(I've seen this mistake plenty of times.)

  A barebones web server is a pretty simple piece of software compared
to a browser (or sendmail), so it should be possible to make them
much more secure.

-Ray
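The two server-side mistakes the message lists (".." and shell metacharacters in request paths, and a passwd/group file stored inside the hierarchy it protects) as an added example of the checks a server or an audit script would apply. This is illustration code written for this page, not from any server mentioned in the thread; the document root and auth file paths are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Characters with special meaning to a shell. A server that hands request
# paths to a shell (a CGI wrapper, for instance) must refuse them outright.
SHELL_META = re.compile(r"""[;&|`$<>(){}\[\]*?!\\"']""")


def is_under(root, path):
    """True if path is root itself or lies beneath it (both normalized)."""
    root = posixpath.normpath(root)
    path = posixpath.normpath(path)
    return path == root or path.startswith(root + "/")


def resolve_request_path(doc_root, request_path):
    """Map a URL path onto the filesystem below doc_root.

    Returns the filesystem path, or None when the request is rejected:
    it contains shell metacharacters, or after percent-decoding and
    collapsing "." / ".." segments it lands outside doc_root.
    """
    decoded = unquote(request_path)          # "%2e%2e" becomes ".."
    if SHELL_META.search(decoded):
        return None
    candidate = posixpath.normpath(posixpath.join(doc_root, decoded.lstrip("/")))
    if not is_under(doc_root, candidate):
        return None
    return candidate


def auth_files_exposed(doc_roots, auth_files):
    """Return the auth files (passwd/group) that sit inside any served
    document root, i.e. that a plain HTTP request could fetch."""
    return [f for f in auth_files
            if any(is_under(root, f) for root in doc_roots)]


# Constructed sample configuration (not from the original message).
DOC_ROOT = "/var/www/isp"
SERVED_ROOTS = [DOC_ROOT]
AUTH_FILES = ["/var/www/isp/company1/passwd",    # the mistake the message describes
              "/etc/httpd/auth/company1.group"]  # kept outside every served root

if __name__ == "__main__":
    for p in ["/company1/index.html", "/company1/../../etc/passwd",
              "/company1/%2e%2e/%2e%2e/etc/passwd", "/docs/a;b"]:
        print(p, "->", resolve_request_path(DOC_ROOT, p))
    print("exposed:", auth_files_exposed(SERVED_ROOTS, AUTH_FILES))
```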