[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Setting permissions

Subject: Re: [cobalt-users] Setting permissions
From: jens@xxxxxxxxxxxxxxxxxxxx (Jens Kristian Søgaard)
Date: Mon Jan 8 15:53:36 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

"Rodolfo J. Paiz \(E-mail\)" <rpaiz@xxxxxxxxxxxxxx> writes:

> Shell access is dangerous... no offense, but you sound like you're getting
> started from your tone (correct me if I misinterpret you). All of the
> quickest/easiest ways to hack into root start at a shell prompt (there are
> others, but you see my point).

You have to remember one important thing here, though. As soon as you
have given a user access to CGIs - he will also implicitly have a
shell account.

The same thing can happen with a PHP not running in safe-mode.

And btw, as far as I remember, it is possible for users to give
themselves the possibility of using CGIs - even if it's disabled in
the Control Panel.

-- 
Jens Kristian Søgaard, Mermaid Consulting I/S,
jens@xxxxxxxxxxxxxxxxxxxx,
http://www.mermaidconsulting.com/

References:
- RE: [cobalt-users] Setting permissions
  - From: Rodolfo J. Paiz \(E-mail\)

Prev by Date: [cobalt-users] Swapping to a large disk in a Qube
Next by Date: [cobalt-users] mail spool weirdness with .tv domain
Previous by thread: RE: [cobalt-users] Setting permissions
Next by thread: RE: [cobalt-users] Setting permissions

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index