lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: damian at sentex.net (Damian Gerow)
Subject: Frontpage Extensions Remote Command Execution

Thus spake mattmurphy@...rr.com (mattmurphy@...rr.com) [12/11/03 14:41]:
> bulletin.  A decent admin would configure FPSE such that this flaw is a
> non-issue.  This is because no ordinary user has a reason to be accessing
> FPSE's files.  If FPSE is secured, this means that an attacker is getting
> their own privileges back.

A decent OS shouldn't need the admin to go in and modify permissions on
specific files in order to give a ensure a basic security requirement.
While an ordinary user may have no reason to access those files, an ordinary
admin should similarily have no reason for modifying the permissions on
those files.


Powered by blists - more mailing lists