[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Major security issue - PHP

Subject: Re: [cobalt-users] Major security issue - PHP
From: "Simon Pierce"<simon@xxxxxxxxxxxxxxx>
Date: Wed May 2 16:59:11 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hi,

> It should not be able to have write access to site2 files (or
> delete them). It may read and execute them though. Do ls -l
> /home/sites/site2/web and see for yourself:

Okay, I did this:

ls -l /home/sites/site2/web/index.shtml

and it came back with this:

-rw-rw-r--   1 admin    site2        6117 Mar 28 16:08 /home/sites/site2/web/index.shtml

But yes, it just allowed site3 to make changes to site2 with no error messages, permissions problems or requests for passwords right from their PHP script.

Simon

Follow-Ups:
- Re: [cobalt-users] Major security issue - PHP
  - From: flash22
- Re: [cobalt-users] Major security issue - PHP
  - From: Gerald Waugh

Prev by Date: [cobalt-users] [ircservices@xxxxxxxxxxxxx]
Next by Date: Re: [cobalt-users] list email errors
Previous by thread: Re: [cobalt-users] Major security issue - PHP
Next by thread: Re: [cobalt-users] Major security issue - PHP

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index