Stealth Snoop Vulnerability
Your home directory is world reachable or executable.
This means everyone can get into your home directory (using chdir) and snoop around
your files and directories without your knowledge or consent as long as the exact
target file or directory is known to the snooper. You must individually lock down
each and every file and directory (using chmod) that you do not explicitly want to
let everyone see.
NOTE: This is one of the most difficult vulnerabilities to fix. If you cannot
figure out how to protect your system against this issue, then don't worry. I think
A-Squad is the only one smart enough to figure out
how to lock down this issue while still allowing ALL services to function perfectly.
This is only a precautionary vulnerability but not a direct problem itself.
Example 1:
Anyone can view where all the sensitive configurations are and likely read them too:
cat /etc/passwd|awk -F: '{print $6}'|xargs -i echo 'ls -l {}/public_html/*/conf*.php'|sh 2>/dev/null
Example 2: Anyone can see where and when any user last logged into from like this:
cat /etc/passwd|awk -F: '{print $6}'|xargs -i echo {}/.lastlogin|xargs -i echo 'cat {};ls -l {}'|sh
Example 3: Anyone can view all your files in any of your directories that
have not been specifically locked down, including your main web site if real WEBROOT
protection isn't secured.