
[Sheflug] PHP and Plusnet



I found out something interesting about the CGI webspace servers that Plusnet 
uses to allow its customers to have PHP access. It seems that the way it's 
configured means that all users on the system are in the same group; the 
upshot of this is that it's perfectly possible to go into another user's 
webspace and grab any SQL server password/other interesting hidden goodies. 
Now, maybe I'm naive, and they quite possibly have good reasons to set it up 
the way it is, but I think that's a dreadful bit of system configuration.

Any ideas why they'd pull a stunt like that? Anybody heard of any other ISPs 
using a similar setup?

Ashe
-- 
Never give a sucker an even break, especially if he's a big, mean sucker

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.