Re: Security

Eric Gauthier (gauthier@centre.edu)
Wed, 3 Jan 96 0:37:00 EST


From: Eric Gauthier <gauthier@centre.edu>
Message-Id: <9601030537.AA21087@pacific.centre.edu>
Subject: Re: Security
To: flavio@sol.dimap.ufrn.br, www-html@w3.org
Date: Wed, 3 Jan 96 0:37:00 EST
In-Reply-To: <9601022041.AA11379@costeira.ufrn.br>; from "Flavio Marcelo C B do Amaral" at Jan 2, 96 6:41 pm

>	Some weeks ago I got some mails about some potential security risks
> about the method GET /a/b/../file. I am a graduated student at UFRN in Brazil
> and I am working on a project about network security. 
> 	
> 	The question is where can I find some texts about the risks of the
> GET method? I am looking for a archive that has to do only with it or at least
> get close.
> 
The security risk here is a bit indirect.  The problem
lies in using the relative directory scheme.  Web Servers are
designed to only allow web access to certain directories.
It become very difficult for servers to identify which
actual directory is being accessed when you use a ./
or a ../ in a path.  The danger here is that it gives access
to all the files on ones machine which are world readable.  For
example, the password file on UNIX systems must be readable
by everyone so that login requests for all users can be processed.
This password file contains the encrypted version of a users
password (among other information).  With this file, one can
determine the actual password for a user and then use that
account to hack into a machine.  Other problems I believe
are similar.  This, at least, was the danger which was
discusssed in an operating systems computer science class
that I had here at Centre College.  Anyone else think
of something different?

Eric Gauthier
gauthier@centre.edu