But, SSH and telnet, etc. require authentication login-in and all the executables you mentioned [and others] require
someone who has access to upload a harmful file to start with. Right? Once they are in there, they can do anything they
please anyhow.
Al.........
Tijnema ! wrote:
On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
How can they write or edit files there without having ftp access or
the site's file manager?
SSH access? Telnet maybe? PHP script? CGI script? ASP script?
There are a lot of possible ways someone can write there.
Tijnema
Tijnema ! wrote:
> On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> I'm on a shared Linux host and have been wondering about security and
>> directory "other" ["world"] permissions.
>>
>> The defaults are 755. The 'others' [world] can read them only.
>>
>> Is there a security hole if a dir on the doc root if a directory has
>> permissions 757?
>>
>> If there is a security problem, what is it?
>>
>> Thanks...
>>
>
> If you have a directory with 757 permissions, "world" can create new
> files there.
>
> And if you give files 757 (or 646) permissions, then "world" can edit
> that file.
>
> So if you have a doc dir, you probably don't want extra files there.
> It's not really a security problem, but if somebody notices it, he
> might write files there.
>
> Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
