[GLLUG] root access

Dpk dpk@egr.msu.edu
Fri, 12 Apr 2002 14:15:22 -0400

Previous message: [GLLUG] root access
Next message: [GLLUG] root access
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 11, 2002 at 10:14:42AM -0400, Charles Williams wrote:

   While on the subject of root access ...
   
   We are on Solaris and some of our web team have found a way to
   "break in" to root access with ws_ftp to upload files (usually html
   or gifs) from their wintel pc. I know I've tried this out: with
   ws_ftp I can delete a file I don't have privileges for. Then I can
   upload my own version over it. One of our more creative graphic
   guys uses ws_ftp to mount our web server on his pc I think. (I
   haven't tried or actually seen this but I've seen results of it.)
   None of this is a big deal since we're all on good terms with each
   other and our group is transitioning to a more secure way of
   life. In the meantime, has anyone else experienced this problem? Do
   you know a fix for it?
   
This problem is most likely related to misconfiguration... either with
the ftp server, user(s), file ownership/permissions, etc.  

This is definately the default for any version of Solaris I have used
(2.5 - 8)

Dennis

Previous message: [GLLUG] root access
Next message: [GLLUG] root access
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]