(RADIATOR) security with radwho.cgi
neil d. quiogue
neil at quiogue.com
Thu Oct 31 15:46:22 CST 2002
A few things:
1. For Unix (and variants), the permissions depend on the umask of the
user executing radwho.cgi (normally the web server user). Your user
environment might be set to 022.
2. /tmp/xxx file should normally be error messages.
One suggestion might be to change the umask of the environment or maybe
change the script to execute a umask of 027 or something more strict
(077).
Regards,
Neil D. Quiogue
On Thursday, October 31, 2002, at 10:21 PM, Utku Er wrote:
> Hi,
>
> I was using RADIATOR radwho CGI scripts for a long time. Some time
> ago I logged into my machine and saw my database IP, port, database
> username and database password in the /tmp/xxx file in a world-
> readable format... I see that radwho.cgi within the Radiator package
> creates this file.
>
> Maybe this isn't a big security threat but maybe some people see
> this file and wonder what it is.
> I create scripts on my internal machines and get the session table
> directly from the database.
>
> Utku.
>
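
Added example, not part of the original messages or of the Radiator distribution: a shell sketch of how the umask values mentioned above (022, 027, 077) decide the mode of a newly created file, and why a file that already exists keeps its old mode until it is chmod'ed. The name debug.out is a constructed stand-in for the /tmp/xxx file, and the contents are constructed sample data.

```shell
#!/bin/sh
# debug.out is a constructed stand-in for the /tmp/xxx file in the thread.

# Print the permission string of the file at $1, e.g. -rw-r--r--
perms() { ls -ld "$1" | cut -c1-10; }

# Create a new file the way a plain open/redirect does (requested mode
# 0666) under umask $1, then print the permissions it ended up with.
mode_under_umask() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/debug.out" )
    perms "$d/debug.out"
    rm -rf "$d"
}

# umask applies only when a file is created. A file first written under
# 022 stays world-readable when rewritten under 077; chmod is needed to
# tighten it. Prints "<mode after rewrite> <mode after chmod 600>".
mode_after_rewrite() {
    d=$(mktemp -d) || return 1
    ( umask 022; echo "dbpass=constructed" > "$d/debug.out" )
    ( umask 077; echo "dbpass=constructed" > "$d/debug.out" )
    before=$(perms "$d/debug.out")
    chmod 600 "$d/debug.out"
    after=$(perms "$d/debug.out")
    rm -rf "$d"
    echo "$before $after"
}

for m in 022 027 077; do
    echo "umask $m -> $(mode_under_umask "$m")"
done
echo "rewritten under 077, then chmod 600 -> $(mode_after_rewrite)"
```

After tightening the umask for the web server user or inside the script, any file left over from earlier runs still needs a one-time chmod or removal.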
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.