[GLLUG] root access

Ben Pfaff blp@cs.stanford.edu
12 Apr 2002 11:20:40 -0700


Charles Williams <willcha@sme.org> writes:

> We are on Solaris and some of our web team have found a way to "break in" to
> root access with ws_ftp to upload files (usually html or gifs) from their
> wintel pc. I know I've tried this out: with ws_ftp I can delete a file I
> don't have privileges for.  [...]

Are you deleting a file that you don't own that is in a directory
that you do own?  That's allowed and not a security hole.
-- 
<blp@cs.stanford.edu> <pfaffben@msu.edu> <pfaffben@debian.org> <blp@gnu.org>
Stanford Ph.D. Student - MSU Alumnus - Debian Maintainer - GNU Developer
Personal webpage: http://www.msu.edu/~pfaffben
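
The rule behind this reply, as an added example that is not part of the original message: removing a file is a write to the directory that contains it, so the file's own owner and mode are not consulted unless the directory has the sticky bit set. The function name `may_unlink` and all sample uids and modes are constructed for illustration.

```python
import stat
from types import SimpleNamespace as St

def may_unlink(uid, gids, dir_st, file_st):
    """True if uid (member of gids) may remove the entry file_st from dir_st.

    Classic mode bits only: ACLs and privileges other than uid 0 are
    ignored, and some systems grant further sticky-bit exceptions.
    Arguments need st_uid, st_gid, st_mode, so os.stat() results work too.
    """
    if uid == 0:
        return True
    # Select the permission class that applies to this user on the directory.
    if uid == dir_st.st_uid:
        shift = 6
    elif dir_st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    # Unlinking edits the directory: write and search (wx) are both required.
    if (dir_st.st_mode >> shift) & 0o3 != 0o3:
        return False
    # Sticky directory: only the file's owner or the directory's owner.
    if dir_st.st_mode & stat.S_ISVTX:
        return uid in (file_st.st_uid, dir_st.st_uid)
    # Otherwise the file's own owner and mode are never consulted.
    return True

# Constructed sample values (uids and modes are illustrative).
WEB_USER = 1001
own_dir = St(st_uid=1001, st_gid=100, st_mode=stat.S_IFDIR | 0o755)
root_dir = St(st_uid=0, st_gid=0, st_mode=stat.S_IFDIR | 0o755)
tmp_dir = St(st_uid=0, st_gid=0, st_mode=stat.S_IFDIR | 0o1777)
root_file = St(st_uid=0, st_gid=0, st_mode=stat.S_IFREG | 0o644)

if __name__ == "__main__":
    for name, d in (("own_dir", own_dir), ("root_dir", root_dir), ("tmp_dir", tmp_dir)):
        print(name, may_unlink(WEB_USER, {100}, d, root_file))
```

To audit a real tree, pass `os.stat()` of the directory and `os.lstat()` of the entry in place of the constructed values.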