[nycphp-talk] Pair Network's "security" model - could it be this bad?
Chris Snyder
csnyder at chxo.com
Tue Jun 1 14:59:04 EDT 2004
Kamm, William R (Bill), ALABS wrote:
>I agree with Jay. When I ftp or ssh into my account at boxnix, the root
>directory is the home directory of my account. I can't "cd ..". I just
>end up at the root level, and can only see my files. How could anyone
>else with a different account have access to my files?
>
This degree of protection is not standard or default, especially with
ssh. In, er, less developed operations they may not be using a chroot'd
ssh or shell.
Anyway, unless the webserver is restricted to your home directory, too
(unlikely), someone might be able to use the webserver to do their dirty
work for them:
<?php print file_get_contents("/home/otheruser/.htpasswd"); ?>
Again, that's what safe mode protects against.
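
An added example, not part of the original post: a small audit an account holder or host admin could run to see which sensitive files the web server's user could open through plain Unix permissions. It assumes the web server runs as a user that falls in the "other" permission class, ignores ACLs and PHP-level restrictions, and uses constructed names (`SENSITIVE`, `audit`, `build_demo`) and a constructed sample tree.

```python
import os
import stat
import tempfile

# Assumed file names worth flagging; adjust for the site being audited.
SENSITIVE = {".htpasswd", ".htaccess", "config.php"}

def other_can_read(path, root):
    """True if a process that is neither the owner nor in the group could
    read `path`: the file needs o+r and every directory from `root` down
    to the file needs o+x (search permission)."""
    if not os.stat(path).st_mode & stat.S_IROTH:
        return False
    d = os.path.dirname(path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False
        if d == root or os.path.dirname(d) == d:
            return True
        d = os.path.dirname(d)

def audit(root):
    """Return sensitive files under `root` (relative paths) that the
    'other' permission class can reach and read."""
    root = os.path.realpath(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name in SENSITIVE and other_can_read(full, root):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_demo():
    """Constructed sample tree standing in for /home on a shared host."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    layout = (("alice", 0o755, 0o644),   # open home, world-readable file
              ("bob", 0o711, 0o640),     # file not readable by others
              ("carol", 0o700, 0o644))   # home closed to others
    for user, dir_mode, file_mode in layout:
        home = os.path.join(root, user)
        os.mkdir(home)
        target = os.path.join(home, ".htpasswd")
        with open(target, "w") as fh:
            fh.write("demo:constructed-value\n")
        os.chmod(target, file_mode)
        os.chmod(home, dir_mode)
    return root

if __name__ == "__main__":
    print(audit(build_demo()))
```

Only the first account is reported: the second has a file without o+r, and the third has a home directory without o+x, so the file inside is unreachable even though its own mode is 0644.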