I'm genuinely interested to know with whom you're hosting...

--
itoctopus - http://www.itoctopus.com

"Tijnema" <tijnema@xxxxxxxxx> wrote in message
news:d8269d910705181734g8478851mb53d12a3460e9a6d@xxxxxxxxxxxxxxxxx
> On 5/19/07, Al <news@xxxxxxxxxxxxx> wrote:
>> How can anyone, other than the staff, get into my site? Far as I know,
>> other users can't get out of their own domain space and into mine.
>
> That's quite easy, especially when you have SSH access.
> Of course, it will only work with specific settings, and that might be
> blocked on some hosts, but it works for me.
> On my host, accounts for domains are just in /home,
> so let's say I have 2 accounts, account a & b.
> Their directories are resp. /home/a & /home/b.
> When I create a directory with account a at /home/a/dir, and I chmod it
> 757, I can write a file there from account b.
>
> Tijnema
>>
>> Tijnema wrote:
>> > On 5/19/07, Al <news@xxxxxxxxxxxxx> wrote:
>> >> But, SSH and telnet, etc. require authentication login-in and all the
>> >> executables you mentioned [and others] require someone who has access
>> >> to upload a harmful file to start with. Right?
>> >> Once they are in there, they can do anything they please anyhow.
>> >>
>> >> Al.........
>> >
>> > Well, you were talking about a shared linux host, so other people,
>> > from a different account, could just upload files, and if you have a
>> > directory with 757, that user could write to it.
>> >
>> > Tijnema
>> >>
>> >> Tijnema ! wrote:
>> >> > On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> >> >> How can they write or edit files there without having ftp access or
>> >> >> the site's file manager?
>> >> >
>> >> > SSH access? Telnet maybe? PHP script? CGI script? ASP script?
>> >> >
>> >> > There are a lot of possible ways someone can write there.
>> >> >
>> >> > Tijnema
>> >> >>
>> >> >> Tijnema ! wrote:
>> >> >> > On 5/18/07, Al <news@xxxxxxxxxxxxx> wrote:
>> >> >> >> I'm on a shared Linux host and have been wondering about security
>> >> >> >> and directory "other" ["world"] permissions.
>> >> >> >>
>> >> >> >> The defaults are 755. The 'others' [world] can read them only.
>> >> >> >>
>> >> >> >> Is there a security hole if a directory on the doc root has
>> >> >> >> permissions 757?
>> >> >> >>
>> >> >> >> If there is a security problem, what is it?
>> >> >> >>
>> >> >> >> Thanks...
>> >> >> >>
>> >> >> >
>> >> >> > If you have a directory with 757 permissions, "world" can create
>> >> >> > new files there.
>> >> >> >
>> >> >> > And if you give files 757 (or 646) permissions, then "world" can
>> >> >> > edit that file.
>> >> >> >
>> >> >> > So if you have a doc dir, you probably don't want extra files
>> >> >> > there.
>> >> >> > It's not really a security problem, but if somebody notices it,
>> >> >> > he might write files there.
>> >> >> >
>> >> >> > Tijnema
>> >> >>
>> >> >> --
>> >> >> PHP General Mailing List (http://www.php.net/)
>> >> >> To unsubscribe, visit: http://www.php.net/unsub.php
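
An added example, not part of the thread: a POSIX shell audit for the case discussed above, where a directory at 757 or a file at 646 is writable by other accounts on the host. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find and fix "other"-writable entries
# under a web root. In mode 757 the last digit (7 = rwx) is the "other" class,
# i.e. every other account on the shared host.

# Print "DIR <path>" / "FILE <path>" for each world-writable entry under $1.
# -perm -0002 matches whenever the other-write bit is set (757, 777, 646, 666...).
audit_world_writable() {
    find "$1" -type d -perm -0002 -print | sed 's/^/DIR /'
    find "$1" -type f -perm -0002 -print | sed 's/^/FILE /'
}

# Clear only the other-write bit: 757 -> 755, 646 -> 644. Symlinks are skipped
# because find matches on type d/f without following them.
fix_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree standing in for an account's document root.
demo() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" "$root/css"
    : > "$root/index.php"
    : > "$root/style.css"
    chmod 755 "$root" "$root/css"
    chmod 757 "$root/uploads"      # the case asked about in the thread
    chmod 646 "$root/index.php"    # world-editable file
    chmod 644 "$root/style.css"
    echo "before:"; audit_world_writable "$root"
    fix_world_writable "$root"
    echo "after:";  audit_world_writable "$root"
    rm -rf "$root"
}

demo
```

If a script run by the web server under a different account must write to a directory, group ownership or the host's per-user PHP execution setup is the place to solve that, not the "other" bit.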