Re: SECURITY LEAK in ncsa httpd - PLEASE READ THE DOCUMENTATION
marca@eit.COM (Marc Andreessen)
Date: Tue, 8 Feb 1994 19:56:50 --100
From: marca@eit.COM (Marc Andreessen)
To: Multiple recipients of list <email@example.com>
Subject: Re: SECURITY LEAK in ncsa httpd - PLEASE READ THE DOCUMENTATION
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas

> * SECURITY LEAK in ncsa httpd - PLEASE READ!!!! by Markus Stumpf
> * written on Feb 8, 4:52pm.
> * We run httpd from inetd and I always thought (but never checked)
> * that User and Group (from the conf or httpd.h files) apply
> * in that case, too.
> * This is NOT true! (and should be stated clearly in the conf files
> * IMHO).

I've never been able to figure out why someone would advertise his own
lack of understanding of a situation to a large group of people in
screaming capital letters.

In any case, the docs for User -- for example -- have always stated:

"This directive is only applicable if you are using a ServerType of

An erroneous assumption does not a SECURITY LEAK make, when the docs
clearly state the facts.