Curious symlink problem with Apache -- FC12
Tim
ignored_mailbox at yahoo.com.au
Wed Nov 3 15:56:21 UTC 2010
On Wed, 2010-11-03 at 11:27 -0400, Robert Moskowitz wrote:
> This is NOT a publicly facing server. It is behind my firewall (A
> Juniper SSG5) on a subnet that has very limited outside access. Other
> subnets here have limited access to this subnet. This server is
> running the Amahi.org setup and serves as a PDC to clients on its
> subnet, and some Amahi apps for all local subnets. I am adding the
> repo services for the local devices (on its subnet) and so I can
> rebuild my main repo server. So though I am a bit concerned about
> SELinux being disabled, I am not too worried.
Just to remove any ambiguity: If the only outside access to a computer
is via the webserver software on port 80, then the computer is still
*potentially* vulnerable. A computer can be hacked through flaws in the
webserver. Merely blocking off other ports (e.g. SSH) is only being
partially protective.
Having said that, it would depend on what the webserver could do, as to
whether anybody else could wreak havoc. If it only served flat HTML
files, they'd have to find a security hole in Apache to cause you
problems. The typical Achilles heel is flawed scripts (other programs)
being running through the server (CGI, PHP, et al).
--
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
More information about the users
mailing list