On Friday 05 March 2004 09:01 am, Johnny Fulcrum wrote:
> > I programmed our web page with a vital error.  I passed a variable that
> > contained the name of a file to be opened is such a way that it could be
> > changed.  So the hacker simply changed it to whatever file they wanted to
> > see and presto - I handed them my box.

Running things chroot'd is your friend.

-- 
Bob Tanner <tanner at mn-linux.org>          | Phone : (952)943-8700
http://www.mn-linux.org, Minnesota, Linux | Fax   : (952)943-8500
Key fingerprint = AB15 0BDF BCDE 4369 5B42  1973 7CF1 A709 2CC1 B288

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list