Full Discussion: privileges
Top Forums UNIX for Dummies Questions & Answers privileges Post 88299 by flyingpenguin on Wednesday 2nd of November 2005 07:28:43 PM
Old 11-02-2005
Someone could easily misuse the directory permissions. A better solution would be to change the picture directory permissions to 722. This allows users to add pictures to the picture directory while preventing a bunch of malicious attacks.

I can think of some already...

1) Someone uses the upload feature on your website to upload a malicious script to the server. They then enter some shell escape sequences followed by a command to execute the file in the same picture upload feature.

2) Someone uses shell escape sequences to view directories, processes, open source files, view payrolls, and other files that don't have properly set permissions.

3) Someone uses shell escape sequences then executes rm -f * in the picture directory.

If your script filters out shell escape sequences and doesn't allow users to have execute permissions then a lot of these attacks are preventable, but there's still more.

Just a few words of advice.
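
The two mitigations named in the post (filtering shell escape sequences out of the upload script and leaving uploaded files without execute permission), as an added example that is not part of the original post or of any script from the thread. It assumes a Python upload handler; the function names, the extension list and the sample file names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Allowlist, not a blocklist: a plain stem plus one known image extension.
# Anything else (spaces, ';', '|', '$', backticks, '/', leading dots) is refused.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:jpg|jpeg|png|gif)", re.IGNORECASE)

def is_safe_name(name):
    """True only for names free of path separators and shell metacharacters."""
    return SAFE_NAME.fullmatch(name) is not None

def store_upload(upload_dir, name, data):
    """Save data as upload_dir/name without a shell and without execute bits."""
    if not is_safe_name(name):
        raise ValueError("rejected file name: %r" % (name,))
    path = os.path.join(upload_dir, name)
    # O_EXCL refuses to replace an existing file or follow a planted symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, 0o644)  # rw-r--r--: readable by the web server, never executable
    return path

def file_mode(path):
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)

# Constructed sample names: one legitimate, the rest modelled on the post's cases.
SAMPLES = ["holiday.png", "x.png; rm -f *", "$(sh evil).jpg", "../etc/passwd", "evil.sh"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for n in SAMPLES:
            try:
                p = store_upload(d, n, b"constructed image bytes")
                print("stored  ", n, oct(file_mode(p)))
            except ValueError as exc:
                print("refused ", exc)
```

Because the file name never reaches a shell and the file is written through os.open, the name is treated as data only; the allowlist is a second layer that also blocks path traversal.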
 

GIT-SHELL(1)                         Git Manual                         GIT-SHELL(1)

NAME
       git-shell - Restricted login shell for Git-only SSH access

SYNOPSIS
       chsh -s $(command -v git-shell) <user>
       git clone <user>@localhost:/path/to/repo.git
       ssh <user>@localhost

DESCRIPTION
       This is a login shell for SSH accounts to provide restricted Git access. It permits execution only of server-side Git commands implementing the pull/push functionality, plus custom commands present in a subdirectory named git-shell-commands in the user's home directory.

COMMANDS
       git shell accepts the following commands after the -c option:

       git receive-pack <argument>, git upload-pack <argument>, git upload-archive <argument>
           Call the corresponding server-side command to support the client's git push, git fetch, or git archive --remote request.

       cvs server
           Imitate a CVS server. See git-cvsserver(1).

       If a ~/git-shell-commands directory is present, git shell will also handle other, custom commands by running "git-shell-commands/<command> <arguments>" from the user's home directory.

INTERACTIVE USE
       By default, the commands above can be executed only with the -c option; the shell is not interactive.

       If a ~/git-shell-commands directory is present, git shell can also be run interactively (with no arguments). If a help command is present in the git-shell-commands directory, it is run to provide the user with an overview of allowed actions. Then a "git> " prompt is presented at which one can enter any of the commands from the git-shell-commands directory, or exit to close the connection.

       Generally this mode is used as an administrative interface to allow users to list repositories they have access to, create, delete, or rename repositories, or change repository descriptions and permissions.

       If a no-interactive-login command exists, then it is run and the interactive shell is aborted.

EXAMPLE
       To disable interactive logins, displaying a greeting instead:

           $ chsh -s /usr/bin/git-shell
           $ mkdir $HOME/git-shell-commands
           $ cat >$HOME/git-shell-commands/no-interactive-login <<\EOF
           #!/bin/sh
           printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
           printf '%s\n' "provide interactive shell access."
           exit 128
           EOF
           $ chmod +x $HOME/git-shell-commands/no-interactive-login

       To enable git-cvsserver access (which should generally have the no-interactive-login example above as a prerequisite, as creating the git-shell-commands directory allows interactive logins):

           $ cat >$HOME/git-shell-commands/cvs <<\EOF
           if ! test $# = 1 && test "$1" = "server"
           then
                   echo >&2 "git-cvsserver only handles \"server\""
                   exit 1
           fi
           exec git cvsserver server
           EOF
           $ chmod +x $HOME/git-shell-commands/cvs

SEE ALSO
       ssh(1), git-daemon(1), contrib/git-shell-commands/README

GIT
       Part of the git(1) suite

Git 2.17.1                           10/05/2018                         GIT-SHELL(1)