[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Major security issue - PHP

Subject: Re: [cobalt-users] Major security issue - PHP
From: "Denis Bystruev" <bystruev@xxxxxxxxx>
Date: Wed May 2 03:55:03 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> The script then allowed him full access to site2 - someone else's site. He
could delete the files if he wished.

Are you sure?  It should not be able to have write access to site2 files (or
delete them).  It may read and execute them though.  Do ls -l
/home/sites/site2/web and see for yourself:

-rw-rw-r--   1 nobody   site2        5993 Apr 26 04:34 index.html

Means anybody can read index.html (that's what we want, don't we?), but only
someone from site2 group (like nobody.site2) can write it or delete it.

--
Thanks,
Denis

$99 dedicated hosting directory http://99servers.com


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

References:
- [cobalt-users] Major security issue - PHP
  - From: Simon Pierce

Prev by Date: [cobalt-users] RAQ4 Fan
Next by Date: Re: [cobalt-users] Raq hangs at Net Booting
Previous by thread: Re: [cobalt-users] sshd2
Next by thread: Re: [cobalt-users] Major security issue - PHP

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index