January 2nd, 2002 07:36 PM
While setting up Apache 2 on my linux box, I was testing pages with lynx, rather than load up netscape. All was working fine, so I checked a page under my regular user folder (in public_html) and inadvertantly typed in ~hostnameThis gave me full directory traversal of the computer. Is this a regular feature of lynx?
I checked it out further by telnetting to an account I had, and got the same thing. It appeared, that I had no more access than I would normally have with telnet or ssh, but I'd never run across this before. Any security problems with this, other than I shouldn't allow telnet?
January 2nd, 2002 09:46 PM
Actually, if you try just lynx ~ you get to browse your drive starting from your home directory (just like cd ~ takes you to your home directory).
You probably shouldn't allow telnet access, but I don't think that has anything to do with this. It's probably just a little used feature of lynx.
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
January 3rd, 2002 12:00 AM
Thanks so much for your help. I was ecstatic when I discovered the "bug". I finally convinced myself that it was normal, and posted here to make sure. Even newbies gotta learn..