Results 1 to 4 of 4
Thread: Serious Vulnerability
-
08-15-2003, 03:04 PM #1
- Member Since
- Jun 11, 2003
- Location
- Mount Vernon, WA
- Posts
- 4,915
- Specs:
- MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2
Serious VulnerabilityOk I have a serious vulnerability in the way that we are hosting websites on an xserve that I administer.
The problem is with the way personal file sharing works. It allows users to view what is in their Sites folder by going to
http://www.host.com/~user/
While this is great it causes problems because we have in their Sites folder their domain folder.. so for example:
/Users/username/Sites/domain.com/public_html/
So if a person goes to:
http://www.host.com/~user/domain.com/
they can view all the files etc in that directory.. not good at all!
Does anyone know how I can turn off personal file sharing in OS X server? The normal Sharing Preference does not allow me to do this..
Help!
-
08-15-2003, 09:00 PM #2
- Member Since
- Feb 25, 2003
- Location
- Tropical Island, Jealous?
- Posts
- 5,279
- Specs:
- MacPro 3.0Ghz 16GB RAM, 4x256 Vid, 30''cinema display
There is a terminal command.. check here: http://www.osxfaq.com/
-
08-15-2003, 09:08 PM #3
- Member Since
- Jun 11, 2003
- Location
- Mount Vernon, WA
- Posts
- 4,915
- Specs:
- MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2
Well I did something a bit different. I changed the default directories that are created when you create a user so that within the Sites folder there would be a folder named personal/public_html/ and then the index.html and images folders would be in the public_html directory and then within the httpd.conf file I changed it so that a Users personal webpage would be found in Sites/personal/public_html and this took care of all vulnerabilities. Which means within the Sites folder a user would have these folders:
personal/
domain.com/
another.com/
etc etc
And I am a happy sysadmin once again
Thanks!
-
08-15-2003, 10:33 PM #4
- Member Since
- Feb 25, 2003
- Location
- Tropical Island, Jealous?
- Posts
- 5,279
- Specs:
- MacPro 3.0Ghz 16GB RAM, 4x256 Vid, 30''cinema display
congrats man
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
FREAK vulnerability
By dbm in forum Security AwarenessReplies: 5Last Post: 03-04-2015, 08:58 PM -
ShellShock vulnerability?
By fezopolis in forum macOS - Operating SystemReplies: 1Last Post: 10-18-2014, 11:59 AM -
MS Word vulnerability
By MacInWin in forum Security AwarenessReplies: 3Last Post: 03-25-2014, 05:12 PM -
Mac Vulnerability?
By dziner in forum Apple Rumors and ReportsReplies: 6Last Post: 01-26-2004, 04:45 AM