View Single Post
  #1  
Old 12th September 2006, 08:28
djtremors djtremors is offline
Senior Member
 
Join Date: Apr 2006
Location: Sydney
Posts: 278
Thanks: 0
Thanked 13 Times in 11 Posts
Default issue with no admin user allocated

Hey all,

Just noticed an issue where I have a user as an admin and files on their home path is 644 but I noticed that when I remove the admin rights to the ispc system for that site, all files belong to "apache" user now.

This opens the server up for writing now and any content can be changed if there is a vulnerable page whereas as the user they can't modify the files with the 644 permissions.

PHP Code:
drwxrwxr-x   2 apache web7 4096 Jul 21 10:32 cgi-bin
drwxr
-xr-x   3 apache web7 4096 Sep  5 09:58 log
drwxrwxrwx   2 apache web7 4096 Sep 12 12
:13 phptmp
drwxr
-xr-x   2 apache web7 4096 Jul 21 10:32 ssl
drwxr
-xr-x  11 apache web7 4096 Sep  8 21:24 user
drwxrwxr
-x  17 apache web7 4096 Sep 12 15:25 web 
anyone notice this?
Reply With Quote
Sponsored Links