[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031112195302.GX98840@sentex.net>
From: damian at sentex.net (Damian Gerow)
Subject: Frontpage Extensions Remote Command Execution
Thus spake mattmurphy@...rr.com (mattmurphy@...rr.com) [12/11/03 14:41]:
> bulletin. A decent admin would configure FPSE such that this flaw is a
> non-issue. This is because no ordinary user has a reason to be accessing
> FPSE's files. If FPSE is secured, this means that an attacker is getting
> their own privileges back.
A decent OS shouldn't need the admin to go in and modify permissions on
specific files in order to give a ensure a basic security requirement.
While an ordinary user may have no reason to access those files, an ordinary
admin should similarily have no reason for modifying the permissions on
those files.
Powered by blists - more mailing lists