sgpTELSATGP.COM.PL

• Next message: Steve Mosher: "Re: BitchX /ignore bug"
• Previous message: Julian Linton: "wwwboard my help reveal user name and password"
• In reply to: 3APA3A: "(no subject)"
• Next in thread: Shelagh Pepper: "Re: apache and 404/404 status codes"
• Reply: Slawek: "(no subject)"
• Reply: Shelagh Pepper: "Re: apache and 404/404 status codes"
• Reply: Vincent Zweije: "Re: apache and 404/404 status codes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

If user's home dir is flagged 0700 (or 750 or etc - so "world" cannot get
there) that you'd get code 403.

On multiuser boxes such flags for homedirs are rather common.

User has to set o+x if he wants to create public_html. But in that situation
we'll probably get result code 200 when trying to retrieve
http://somehost/~userinquestion/ ;)

Hopefully Apache has an option to map all 403 result codes to 404.

Bye,
Slawek

----- Original Message -----
From: "3APA3A" <3APA3ASECURITY.NNOV.RU>
To: <VULN-DEVSECURITYFOCUS.COM>
Sent: Thursday, July 06, 2000 3:14 PM
Subject: [VULN-DEV]

> Hello The Incubus,
>
> 05.07.2000 21:03, you wrote: ;
>
> T> When we do www.redhatserver.com/~validlogin we get a 403, when we try
with
> T> another login (which is not valid) we get a 404.
>
> This only depends on existance of public_html directory in user's
> home. If user has no public_html you will also get 404. Using of
> User's dir is configurable. By default
> UserDir public_html
> is in srm.conf
>
> /3APA3A
>

• Next message: Steve Mosher: "Re: BitchX /ignore bug"
• Previous message: Julian Linton: "wwwboard my help reveal user name and password"
• In reply to: 3APA3A: "(no subject)"
• Next in thread: Shelagh Pepper: "Re: apache and 404/404 status codes"
• Reply: Slawek: "(no subject)"
• Reply: Shelagh Pepper: "Re: apache and 404/404 status codes"
• Reply: Vincent Zweije: "Re: apache and 404/404 status codes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]