Specific Security Problems
- WWW CGI Scripts:
Careless command-line parsing (shell meta-characters such as `;'),
and servers themselves sloppily written; config files owned by
same user as scripts run, possibly even root. Beware symlinks.
- Writable Areas in FTP:
Avoid directly-writable areas to avoid denial-of-service attacks,
being a home for pirate software, etc. Use a new version of WU FTP
and carefully follow configuration advice.
- Double-check Those Sources:
Especially if the servers will run as root, check the sources and get
them from a trusted source,
(dhdsftp FREE).
Next