Daily Random Thoughts - Baxil [bakh-HEEL'], n.

January 30th, 2009
08:45 am

Daily Random Thoughts
(via LoudTwitter)
  • 11:34 Things you DON'T want to see on the "secure" webserver, part 1 in a series: "-rwxrwxrwx 1 root other 95 Jan 21 2003 test.cgi*"
  • 12:58 Question: Did I once accidentally start a movement while I wasn't looking? is.gd/hIZ3 predates the LJ appliance_kin comm by 2 months.


Date:February 1st, 2009 01:00 am (UTC)
Okay, I'm not really up on UNIX file permissions - is that a script with root privileges that anyone can run? And edit?
Date:February 1st, 2009 01:23 am (UTC)

That is a CGI that is owned by root, but it is not setuid root, so it is not granted the privileges of root when run. (If it were, it would have "rws" in the first position.) CGIs that are owned by root generally run under the user ID of the webserver process. It is still world-writable, which is still bad, because it means anyone on the local host who can access that file at all and who can cause a request to be made to that CGI can cause the webserver to run arbitrary code.
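
Added example (not part of the original post or comments): a small Python audit that reads the same permission bits discussed above and flags regular files that are setuid or world-writable. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def describe_mode(mode):
    """Return (ls-style permission string, findings) for an st_mode value."""
    findings = []
    if mode & stat.S_ISUID:
        # Shown as "s" in the owner execute slot: runs with the owner's uid.
        findings.append("setuid")
    if mode & stat.S_IWOTH:
        # The last "w" in the string: any local user may rewrite the file.
        findings.append("world-writable")
    return stat.filemode(mode), findings

def audit_tree(root):
    """Map each flagged regular file under root to (perms, owner uid, findings)."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            perms, findings = describe_mode(st.st_mode)
            if findings:
                flagged[path] = (perms, st.st_uid, findings)
    return flagged

if __name__ == "__main__":
    # Constructed sample tree standing in for a cgi-bin directory.
    with tempfile.TemporaryDirectory() as cgi_bin:
        for name, mode in (("test.cgi", 0o777), ("index.cgi", 0o755)):
            path = os.path.join(cgi_bin, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\necho ok\n")
            os.chmod(path, mode)
        for path, (perms, uid, findings) in audit_tree(cgi_bin).items():
            print(f"{perms} uid={uid} {path}: {', '.join(findings)}")
```

Pointing `audit_tree` at a real CGI directory reports the owner uid alongside each finding, so a root-owned file that is world-writable but not setuid shows up with `uid=0` and only the `world-writable` finding.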
