[Gllug] Insecure practices at my ISP
Jason Clifford
jason at ukpost.com
Fri Apr 4 10:25:58 UTC 2003
On Fri, 4 Apr 2003, David Pashley wrote:
> > Does the same apply to the use of `ls -al` or find though? After all
> > that's all anyone would need to run in order to determine the security
> > issues Gary mentioned.
> >
> > It might even be considered a reasonable thing to do given that he might
> > be trusting a vital part of his business operation to the system.
>
> If the ISP consider it to be unauthorised, then yes, he would be
> breaking the Computer Misuse Act. Has he been given permission to look
> at other peoples files?
For attempts to access other peoples' files that is true. What however of
system files?
It seems to me that it is reasonable to assume on a shared hosting system
that by default permissions would be such that a normal user would not be
able to look into any other users home directory. This is the default with
many *NIX systems (at least those reasonably up to date as in < 3-4 years
old) after all.
Jason Clifford
--
UKFSN.ORG Finance Free Software while you surf the 'net
http://www.ukfsn.org/ Sign up now
UKPOST.COM get your @ukpost.com address now...
http://www.ukpost.com/ professional hosting and colocation
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list