Re: Security Question, re directory permissions

On 5/19/07, Al <news@xxxxxxxxxxxxx> wrote:
> How can anyone, other than the staff, get into my site?  Far as I know, other users can't get out of their own domain
> space and into mine.

That's quite easy, especially when you have SSH access.
Of course, it will only work with specific settings, and that might be
blocked on some hosts, but it works for me.
On my host, accounts for domains are just in /home,
so let's say I have 2 accounts, account a & b.
Their directories are, respectively, /home/a & /home/b.
When I create a directory with account a at /home/a/dir, and I chmod it
757, I can write a file there from account b.

Tijnema
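
An added example (not part of the original thread): a shell audit for the "other"-write bit the messages describe, listing each world-writable directory or file with its current mode and the mode with o+w cleared (757 becomes 755, 646 becomes 644). The function names are made up for this example, and GNU find, as shipped on Linux hosts, is assumed.

```shell
#!/bin/sh
# Added example: audit a tree for the "other"-write bit discussed in the thread.
# Assumes GNU find (-printf). Function names are hypothetical.

# list_world_writable DIR
# Prints one line per world-writable directory or regular file under DIR:
#   <current mode> <mode with other-write cleared> <type d|f> <path>
# Symlinks are skipped: their own mode bits are not what the kernel checks.
list_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -printf '%m %y %p\n' |
    while read -r mode type path; do
        # The leading 0 makes the shell read the mode as octal;
        # "& ~0002" clears only the other-write bit.
        fixed=$(printf '%o' $(( 0$mode & ~0002 )))
        printf '%s %s %s %s\n' "$mode" "$fixed" "$type" "$path"
    done
}

# fix_world_writable DIR
# Removes the other-write bit from every entry the audit reports, leaving
# all other permission bits untouched. Prints the number of entries changed.
fix_world_writable() {
    n=$(list_world_writable "$1" | wc -l)
    find "$1" \( -type d -o -type f \) -perm -0002 -exec chmod o-w {} +
    echo "$((n))"
}

# Stand-alone use: sh audit.sh /path/to/docroot
if [ "$#" -gt 0 ]; then
    list_world_writable "$1"
fi
```
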

Tijnema wrote:
> On 5/19/07, Al <news@xxxxxxxxxxxxx> wrote:
>> But, SSH and telnet, etc. require authentication login-in and all the
>> executables you mentioned [and others] require
>> someone who has access to upload a harmful file to start with.  Right?
>> Once they are in there, they can do anything they
>> please anyhow.
>>
>> Al.........
>
> Well, you were talking about a shared linux host, so other people,
> from a different account, could just upload files, and if you have a
> directory with 757, that user could write to it.
>
> Tijnema
>>
>> Tijnema ! wrote:
>> > On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> >> How can they write or edit files there without having ftp access or
>> >> the site's file manager?
>> >
>> > SSH access? Telnet maybe? PHP script? CGI script? ASP script?
>> >
>> > There are a lot of possible ways someone can write there.
>> >
>> > Tijnema
>> >>
>> >> Tijnema ! wrote:
>> >> > On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> >> >> I'm on a shared Linux host and have been wondering about security and
>> >> >> directory "other" ["world"] permissions.
>> >> >>
>> >> >> The defaults are 755. The 'others' [world] can read them only.
>> >> >>
>> >> >> Is there a security hole if a directory on the doc root has
>> >> >> permissions 757?
>> >> >>
>> >> >> If there is a security problem, what is it?
>> >> >>
>> >> >> Thanks...
>> >> >>
>> >> >
>> >> > If you have a directory with 757 permissions, "world" can create new
>> >> > files there.
>> >> >
>> >> > And if you give files 757 (or 646) permissions, then "world" can edit
>> >> > that file.
>> >> >
>> >> > So if you have a doc dir, you probably don't want extra files there.
>> >> > It's not really a security problem, but if somebody notices it, he
>> >> > might write files there.
>> >> >
>> >> > Tijnema
>> >>
>> >> --
>> >> PHP General Mailing List (http://www.php.net/)
>> >> To unsubscribe, visit: http://www.php.net/unsub.php
>> >>
>> >>
>>
