[GLLUG] root access
Dpk
dpk@egr.msu.edu
Fri, 12 Apr 2002 14:15:22 -0400
On Thu, Apr 11, 2002 at 10:14:42AM -0400, Charles Williams wrote:
While on the subject of root access ...
We are on Solaris and some of our web team have found a way to
"break in" to root access with ws_ftp to upload files (usually html
or gifs) from their wintel pc. I know I've tried this out: with
ws_ftp I can delete a file I don't have privileges for. Then I can
upload my own version over it. One of our more creative graphic
guys uses ws_ftp to mount our web server on his pc I think. (I
haven't tried or actually seen this but I've seen results of it.)
None of this is a big deal since we're all on good terms with each
other and our group is transitioning to a more secure way of
life. In the meantime, has anyone else experienced this problem? Do
you know a fix for it?
This problem is most likely related to misconfiguration... either with
the ftp server, user(s), file ownership/permissions, etc.
This is definately the default for any version of Solaris I have used
(2.5 - 8)
Dennis