[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.

Subject: RE: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.
From: shimi <shimi@xxxxxxxxxxxxxxxx>
Date: Sun Jun 24 19:50:01 2001
List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>

On Sun, 24 Jun 2001, KAMRY wrote:

> 
> But how would someone other than root or httpd write to the folders. In
> other words, for the cgi/perl script you mentioned, how would it be written
> in those dir owned by httpd. Remember under /web we have a folder owned by
> httpd and grouped as httpd with r-x only.
> 
> Am I missing something,,,,
> 
> KAL
> 
You said the answer yourself, I believe.

You said that the owner is http, right?

Say the owner is "joe". can joe change the permissions to rwx? I believe
he can. Can joe run a script (which inherits his permissions) to do the
same? Sure, he can.

So why would httpd not? :)

- shimi.

References:
- RE: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.
  - From: KAMRY

Prev by Date: RE: [cobalt-developers] RAQ4 mail in GUI problems
Next by Date: Re: [cobalt-developers] root access problem
Previous by thread: RE: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.
Next by thread: Re: [cobalt-developers] root access problem

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index