How can anyone, other than the staff, get into my site? Far as I know, other
users can't get out of their own domain space and into mine.
Tijnema wrote:
> On 5/19/07, Al <news@xxxxxxxxxxxxx> wrote:
>> But, SSH and telnet, etc. require authentication login-in and all the
>> executables you mentioned [and others] require someone who has access
>> to upload a harmful file to start with. Right? Once they are in there,
>> they can do anything they please anyhow.
>>
>> Al.........
>
> Well, you were talking about a shared linux host, so other people,
> from a different account, could just upload files, and if you have a
> directory with 757, that user could write to it.
>
> Tijnema
Tijnema ! wrote:
> On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> How can they write or edit files there without having ftp access or
>> the site's file manager?
>
> SSH access? Telnet maybe? PHP script? CGI script? ASP script?
>
> There are a lot of possible ways someone can write there.
>
> Tijnema
>>
>> Tijnema ! wrote:
>> > On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> >> I'm on a shared Linux host and have been wondering about security
>> >> and directory "other" ["world"] permissions.
>> >>
>> >> The defaults are 755. The 'others' [world] can read them only.
>> >>
>> >> Is there a security hole if a dir on the doc root has
>> >> permissions 757?
>> >>
>> >> If there is a security problem, what is it?
>> >>
>> >> Thanks...
>> >>
>> >
>> > If you have a directory with 757 permissions, "world" can create new
>> > files there.
>> >
>> > And if you give files 757 (or 646) permissions, then "world" can
>> > edit that file.
>> >
>> > So if you have a doc dir, you probably don't want extra files there.
>> > It's not really a security problem, but if somebody notices it, he
>> > might write files there.
>> >
>> > Tijnema
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
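
Added example, not part of the original thread: a shell check for the modes discussed above (directories such as 757, files such as 646) under a document root, plus a fix that removes only the "other" write bit. The function names are hypothetical and the document root is whatever path you pass as the first argument.

```shell
#!/bin/sh
# Added example (not from the thread): audit a document root on a shared host
# for entries that "other" (world) can write to.

# Print one line per world-writable entry: "<type><TAB><path>".
# -perm -0002 matches any mode with the other-write bit set
# (757, 777, 646, 666, ...). Symlinks are skipped because -type d / -type f
# only match real directories and regular files.
audit_world_writable() {
    root=$1
    # A world-writable directory lets any local account create, rename or
    # delete entries in it, even when the files inside are not writable.
    find "$root" -type d -perm -0002 -exec printf 'dir\t%s\n' {} \;
    # A world-writable file can be edited in place by any local account.
    find "$root" -type f -perm -0002 -exec printf 'file\t%s\n' {} \;
}

# Remove only the other-write bit and leave owner/group bits untouched,
# so 757 becomes 755 and 646 becomes 644.
drop_world_write() {
    root=$1
    find "$root" \( -type d -o -type f \) -perm -0002 -exec chmod o-w {} +
}

# Stand-alone use: ./audit.sh /path/to/docroot   (path is your own)
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

Run the audit first and review the list before calling drop_world_write, since an application may have been set up to rely on one of those directories being writable by the web server's account.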