
Re: chmod and security

  • Subject: Re: chmod and security
  • From: Baho Utot <onub-hgbg@xxxxxxxxxxxxxxx>
  • Date: Fri, 23 Dec 2005 15:37:51 GMT
  • Newsgroups: alt.www.webmaster
  • Organization: Road Runner High Speed Online http://www.rr.com
  • References: <43abdb19$0$8068$ba624c82@nntp02.dk.telia.net> <Xns9735807363210mecharlessweeneycom@130.133.1.4> <doh0dj$21mq$2@godfrey.mcc.ac.uk> <43ac0b17$0$11170$ba624c82@nntp02.dk.telia.net>
  • User-agent: Pan/0.14.2.91 (As She Crawled Across the Table)
  • Xref: news.mcc.ac.uk alt.www.webmaster:307933
On Fri, 23 Dec 2005 15:34:57 +0100, Jim shouted Hoy......



>> If you have a piece of Web-based software, be careful. If hacked
>> (assuming it allows the user to upload files) expect this case of
>> hijacking to put the entire Web server in jeopardy. Choose good
>> software; choose hard-to-crack passwords.
> 
> Only the .txt and .xml file are 666, but I guess that means everyone can
> replace the content? ( I am not sure how they can do that?) I do a PHP
> "include" for one of them, but I guess that is a bad idea as replaced
> content in <? hack ?> can be very harmful...

Are the text and XML files owned by the web server's user?
If so (assuming a *nix server) then the permissions can be set to 600

Additionally I would

chmod -t 600 <filespec>
When -t is set for a directory, it means that only the owner of the file and
the owner of that directory may remove the file from that directory.  
Group permissions should not be needed nor permissions for "others".

And

chattr -A  <filespec>
Its atime record is not modified.  This avoids a certain amount of disk I/O.

-- 
Dancin' in the ruins tonight
mail: echo onub-hgbg@xxxxxxxxxxxxxxx | perl -pe 'y/a-z/n-za-m/'
Tayo'y Mga Pinoy
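
An added example, not part of the original post: a shell audit for the situation discussed in this thread, world-writable (666) files under a web root, flagging the ones a PHP script pulls in with include/require, then tightening files owned by the web server's user to 600. The function names and the include-matching pattern are assumptions made for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original post).

# audit_webroot ROOT
# Prints one line per world-writable regular file: "<risk> <mode> <path>"
#   INCLUDED  the file name appears in a PHP include/require statement,
#             so anyone who can write the file can get code executed
#   WRITABLE  world-writable, but no include/require reference was found
audit_webroot() {
    root=$1
    find "$root" -type f -perm -0002 | sort | while IFS= read -r f; do
        name=$(basename "$f")
        # Escape regex metacharacters so "data.txt" matches literally.
        name_re=$(printf '%s' "$name" | sed 's/[][\.*^$+?(){}|]/\\&/g')
        pat="(include|require)(_once)?[[:space:](]*['\"][^'\"]*${name_re}['\"]"
        mode=$(stat -c '%a' "$f")   # assumption: GNU stat
        # List PHP files that reference the name; any output means a hit.
        if find "$root" -type f -name '*.php' \
                -exec grep -Els -e "$pat" {} + | grep -q .
        then risk=INCLUDED
        else risk=WRITABLE
        fi
        printf '%s %s %s\n' "$risk" "$mode" "$f"
    done
}

# tighten_owned ROOT USER
# Sets mode 600 on world-writable files that USER (the web server's
# account) already owns. Files owned by anyone else are left alone,
# because 600 would lock the web server out of them.
tighten_owned() {
    find "$1" -type f -perm -0002 -user "$2" -exec chmod 600 {} +
}

# Typical use (paths and account name are placeholders):
#   audit_webroot /path/to/webroot
#   tighten_owned /path/to/webroot <web-server-user>
```

Files reported as INCLUDED that are not owned by the web server's account need a change of ownership or group before the mode can be tightened without breaking the site.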

