[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nobody is 777 ?



So what shell a web master should do if he want people to upload images
to directory ?
As i know he must give the a+w to the file.
is there other way ?

Chen Shapira wrote:

> > Place an 0777 file you ``don't care about'' in /tmp.
> >
> > I will replace its code with a trojan.
> >
> > If someone tries to run it -- after all, it has execute
> > permissions -- they
> > will be screwed, and they will blame you.
> >
> > QED.
>
> Point taken. Good thing I'm a web developer and not a sysadmin :0)
>
> Thanks.
> Chen Shapira.
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il

--
--------------------------
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--------------------------



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il