[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: squid proxy authentication.
- To: Oded Arbel <odeda-linux-il(at-nospam)betalfa.org.il>
- Subject: Re: squid proxy authentication.
- From: Ariel Biener <ariel(at-nospam)fireball.tau.ac.il>
- Date: Tue, 17 Jul 2001 13:28:15 +0300 (IDT)
- cc: Linux-IL mailing list <linux-il(at-nospam)cs.huji.ac.il>
- In-Reply-To: <010c01c10eb0$d9dd8190$2900000a@oded>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Tue, 17 Jul 2001, Oded Arbel wrote:
> Security wise , isn't this the same thing ?
No... Usually `sploit sc33ptz are looking for known things, like
/etc/shadow for example. If you put a file in /usr/local/squid/etc, owned
and readable by squid only, no exploit script knows it's there.
If someone has physical access to your machine, but doesn't have root,
again, he/she will be able to read a world readable /etc/shadow, but not a
squid owned and squid readable /usr/local/squid/etc/passwd
..
--Ariel
--
Ariel Biener
e-mail: ariel@post.tau.ac.il
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il