[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: nobody is 777 ?
Ben-Nes Michael wrote:
> So what shell a web master should do if he want people to upload images
> to directory ?
For anon ftp, give ONLY the anon ftp users permission. This
also sux, but upload sux anyhow.
Best thing is to write an Intrface through HTML. Hide all
details fromt he user. When you send an attachment through
HotMail, it u/l the file, but you can't know where to, what the name
would be, etc.
Or Hotmail may not be the right example, but you get the point
>
> As i know he must give the a+w to the file.
> is there other way ?
>
> Chen Shapira wrote:
>
> > > Place an 0777 file you ``don't care about'' in /tmp.
> > >
> > > I will replace its code with a trojan.
> > >
> > > If someone tries to run it -- after all, it has execute
> > > permissions -- they
> > > will be screwed, and they will blame you.
> > >
> > > QED.
> >
> > Point taken. Good thing I'm a web developer and not a sysadmin :0)
> >
> > Thanks.
> > Chen Shapira.
> >
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il
>
> --
> --------------------------
> Canaan Surfing Ltd.
> Internet Service Providers
> Ben-Nes Michael - Manager
> Tel: 972-6-6925757
> Fax: 972-6-6925858
> http://www.canaan.co.il
> --------------------------
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il