Daily Random Thoughts - Baxil [bakh-HEEL'], n.
[The TTU Wiki]
View My LJ
Daily Random Thoughts|
Tags: 140 characters
|Date:||February 1st, 2009 01:00 am (UTC)|| |
Okay, I'm not really up on UNIX file permissions - is that a script with root privileges that anyone can run? And edit?
|Date:||February 1st, 2009 01:23 am (UTC)|| |
That is a CGI that is owned by root, but it is not setuid root, so it is not granted the privileges of root when run. (If it were, it would have "rws" in the first position.) CGIs that are owned by root generally run under the user ID of the webserver process. It is still world-writable, which is still bad, because it means anyone on the local host who can access that file at all and who can cause a request to be made to that CGI can cause the webserver to run arbitrary code.