On 5/19/07, Al <news@xxxxxxxxxxxxx> wrote:
But, SSH and telnet, etc. require authentication login-in and all the executables you mentioned [and others] require someone who has access to upload a harmful file to start with. Right? Once they are in there, they can do anything they please anyhow.

Al.........
Well, you were talking about a shared linux host, so other people, from a different account, could just upload files, and if you have a directory with 757, that user could write to it.

Tijnema
Tijnema ! wrote:
> On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> How can they write or edit files there without having ftp access or
>> the site's file manager?
>
> SSH access? Telnet maybe? PHP script? CGI script? ASP script?
>
> There are a lot of possible ways someone can write there.
>
> Tijnema
>>
>> Tijnema ! wrote:
>> > On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> >> I'm on a shared Linux host and have been wondering about security and
>> >> directory "other" ["world"] permissions.
>> >>
>> >> The defaults are 755. The 'others' [world] can read them only.
>> >>
>> >> Is there a security hole if a dir on the doc root if a directory has
>> >> permissions 757?
>> >>
>> >> If there is a security problem, what is it?
>> >>
>> >> Thanks...
>> >>
>> >
>> > If you have a directory with 757 permissions, "world" can create new
>> > files there.
>> >
>> > And if you give files 757 (or 646) permissions, then "world" can edit
>> > that file.
>> >
>> > So if you have a doc dir, you probably don't want extra files there.
>> > It's not really a security problem, but if somebody notices it, he
>> > might write files there.
>> >
>> > Tijnema
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
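
An added example, not part of the original thread: a shell audit that lists the 757-style directories and 646-style files discussed above under a document root and then clears only the world-write bit. The function names and the sample tree are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are hypothetical.

# Print every world-writable directory and regular file under DIR.
# -perm -0002 matches any mode whose "other" write bit is set
# (757, 777, 646, 666, ...); 755 and 644 do not match.
audit_world_writable() {
    find "$1" -type d -perm -0002 -print | sed 's/^/DIR  /'
    find "$1" -type f -perm -0002 -print | sed 's/^/FILE /'
}

# Number of findings, usable as a check in a cron job or deploy script.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Clear only the "other" write bit; owner and group bits are untouched
# (757 becomes 755, 646 becomes 644).
tighten_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree standing in for a document root on a shared host.
make_sample_docroot() {
    d=$(mktemp -d) || return 1
    mkdir "$d/uploads" "$d/css"
    : > "$d/index.php"
    : > "$d/config.php"
    chmod 755 "$d" "$d/css"
    chmod 757 "$d/uploads"        # other accounts can create files here
    chmod 644 "$d/index.php"
    chmod 646 "$d/config.php"     # other accounts can edit this file
    printf '%s\n' "$d"
}

docroot=$(make_sample_docroot)
audit_world_writable "$docroot"   # reports uploads/ and config.php
tighten_world_writable "$docroot"
echo "remaining world-writable entries: $(count_world_writable "$docroot")"
rm -rf "$docroot"
```

If an upload directory must stay writable by the web server, group ownership or whatever per-account execution mode the host offers avoids needing the world-write bit at all.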