Re: [cobalt-users] Major security issue - PHP
- Subject: Re: [cobalt-users] Major security issue - PHP
- From: flash22@xxxxxxx
- Date: Wed May 2 18:59:02 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Thu, 3 May 2001, Simon Pierce wrote:
> Hi,
>
> > It should not be able to have write access to site2 files (or
> > delete them). It may read and execute them though. Do ls -l
> > /home/sites/site2/web and see for yourself:
>
> Okay, I did this:
>
> ls -l /home/sites/site2/web/index.shtml
>
> and it came back with this:
>
> -rw-rw-r-- 1 admin site2 6117 Mar 28 16:08 /home/sites/site2/web/index.shtml
>
> But yes, it just allowed site3 to make changes to site2 with no
> error messages, permissions problems or
> requests for passwords right from their PHP script.

If you don't have site-adm for both sites, then by default they both have
'admin' as site owner, so they also are both owned by the same user, so
of course, they are writable by each other's scripts ;)
gsh
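
An audit for the condition described in the reply above, added here as an example and not part of the original thread: it walks a `<root>/<site>/web` layout like the `/home/sites/site2/web` path in the message and reports every uid that owns owner-writable files in more than one site. The function names and the demo tree are constructed for illustration, and it assumes, as the reply implies, that a site's scripts run as the user that owns its files.

```python
import os
import stat
import tempfile
from collections import defaultdict


def shared_owner_writable(sites_root):
    """Map uid -> sorted site names, for uids that own owner-writable
    regular files under <sites_root>/<site>/web in more than one site."""
    owners = defaultdict(set)
    for site in sorted(os.listdir(sites_root)):
        web = os.path.join(sites_root, site, "web")
        if not os.path.isdir(web):
            continue
        for dirpath, _dirs, files in os.walk(web):
            for name in files:
                st = os.lstat(os.path.join(dirpath, name))
                # Only regular files the owner can write count as exposed.
                if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWUSR:
                    owners[st.st_uid].add(site)
    return {uid: sorted(s) for uid, s in owners.items() if len(s) > 1}


def build_demo_tree(root):
    """Constructed sample: site2 and site3 hold a 664 file (as in the ls
    output quoted above), site4 holds a read-only 444 file."""
    for site, mode in (("site2", 0o664), ("site3", 0o664), ("site4", 0o444)):
        web = os.path.join(root, site, "web")
        os.makedirs(web)
        path = os.path.join(web, "index.shtml")
        with open(path, "w") as fh:
            fh.write("<html></html>\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    import sys
    # Pass the real sites directory as argv[1]; otherwise use the demo tree.
    root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree(tempfile.mkdtemp())
    for uid, sites in shared_owner_writable(root).items():
        print(f"uid {uid} owns writable files in: {', '.join(sites)}")
```

An empty result means no single user owns writable web content in two sites; any uid that is listed is a shared owner of the kind the reply describes.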