On Thu, 2009-08-27 at 12:13 +0200, André Warnier wrote:
> Chuck Crisler wrote:
> > On Fri, 2009-08-21 at 09:37 +0100, Tom Evans wrote:
> >
> >
> > My cgi-bin directory (/var/www/cgi-bin) is owned by root with these
> > permissions drwxr-xr-x. This is from my httpd.conf
> >
> Hi.
> On my Linux (D
Chuck Crisler wrote:
On Fri, 2009-08-21 at 09:37 +0100, Tom Evans wrote:
My cgi-bin directory (/var/www/cgi-bin) is owned by root with these
permissions drwxr-xr-x. This is from my httpd.conf
Hi.
On my Linux (Debian) systems, the cgi-bin directories - and the scripts
in it - have a owner "ro
On Fri, 2009-08-21 at 09:37 +0100, Tom Evans wrote:
> If it was owned by user apache, then if the webserver were exploitable,
> the attacker would be able to deface your website. If it is just
> readable by apache, then they would need to exploit apache and then find
> a local privilege escalation
