linux, säkerhet

5503970 2000-09-22  19:44  /27 rader/ Brevbäraren (som är implementerad i) Python
Mottagare: Bugtraq (import) <12915>
Ärende: httpd.conf in Suse 6.4
------------------------------------------------------------
From: zab0ra aka t0maszek <zabora@SZERMIERZ.UNI.WROC.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <Pine.SGI.4.10.10009211056140.16043-100000@szermierz.uni.wroc.pl>

hy...

in SuSe 6.4 (maybe another) any user from any host can get info about
packages installed on SuSe systems.
httpd.conf file have entry "Alias /doc/  /usr/doc/" (and others)

in www browser you cat set http://hosts.any/doc/packages/ and you get
list of installed packages

Solusion:
in httpd.conf

<Directory /usr/doc/packages>
order deny,allow
allow from your.ip.or.domain
deny from all
</Directory>


zab0ra aka t0maszek
-------------------
(5503970) ------------------------------------------(Ombruten)