[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: nobody is 777 ?



As proven before - I'm not a sysadmin, but what if you give read permissions
to all and write permissions to the person who uploaded it, no execute
permissions?



> -----Original Message-----
> From: Ben-Nes Michael [mailto:miki@canaan.co.il]
> Sent: Thursday, February 24, 2000 3:04 PM
> To: ILUG
> Subject: Re: nobody is 777 ?
> 
> 
> So what shell a web master should do if he want people to 
> upload images
> to directory ?
> As i know he must give the a+w to the file.
> is there other way ?
> 
> Chen Shapira wrote:
> 
> > > Place an 0777 file you ``don't care about'' in /tmp.
> > >
> > > I will replace its code with a trojan.
> > >
> > > If someone tries to run it -- after all, it has execute
> > > permissions -- they
> > > will be screwed, and they will blame you.
> > >
> > > QED.
> >
> > Point taken. Good thing I'm a web developer and not a sysadmin :0)
> >
> > Thanks.
> > Chen Shapira.
> >
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il
> 
> --
> --------------------------
> Canaan Surfing Ltd.
> Internet Service Providers
> Ben-Nes Michael - Manager
> Tel: 972-6-6925757
> Fax: 972-6-6925858
> http://www.canaan.co.il
> --------------------------
> 
> 
> 
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
> 

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il