[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Major security issue - PHP

Subject: Re: [cobalt-users] Major security issue - PHP
From: "Gerald Waugh" <gerald@xxxxxxxxx>
Date: Thu May 3 02:29:18 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> > It should not be able to have write access to site2
files (or
> > delete them). It may read and execute them though. Do
ls -l
> > /home/sites/site2/web and see for yourself:
> Okay, I did this:
> ls -l /home/sites/site2/web/index.shtml
> and it came back with this:
> -rw-rw-r--   1 admin    site2        6117 Mar 28 16:08
/home/sites/site2/web/index.shtml
> But yes, it just allowed site3 to make changes to site2
with no error messages, permissions problems or requests for
passwords right from their PHP script.

Do both of the sites have owner "admin"?
If so, then the owner can use both sites as he likes.
Gerald

Follow-Ups:
- RE: [cobalt-users] Major security issue - PHP
  - From: Chris Mason

References:
- Re: [cobalt-users] Major security issue - PHP
  - From: Simon Pierce

Prev by Date: Re: [cobalt-users] SSL cert Transfer
Next by Date: [cobalt-users] SSL problem on Raq4
Previous by thread: Re: [cobalt-users] Major security issue - PHP
Next by thread: RE: [cobalt-users] Major security issue - PHP

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index