Skip to main content.
home | support | download

Back to List Archive

Re: CGI script to build Swish-E (without command

From: Bill Moseley <moseley(at)not-real.hank.org>
Date: Tue Oct 08 2002 - 17:08:37 GMT
At 09:33 AM 10/08/02 -0700, SRE wrote:
>At 07:49 PM 10/6/02, Bill Moseley wrote:
>> >You would not want to do chmod 777 on a shared server.
>
>On Mon, 2002-10-07 00:18:42, SRE wrote:
>> Not for long, anyway.
>
>At 01:59 AM 10/8/02, Kurtis D. Rader wrote:
>>Not for one second.
>
>Really? You think the script kiddies are banging on random
>directory names and will just happen to stumble across yours
>the instant you open the protections? What makes you think that?

No, the point is there is no reason to chmod 777.  If you can untar before
your chmod then you don't need to chmod at all.  It's giving permissions to
someone else, and that doesn't include you so it has no use other than to
open a security hole.

If your ISP is not giving you telnet access because of security issues
(which maybe is not the case??) then you might think if the ISP doesn't
trust the other users, then you should not either.  With chmod 777 someone
can pretend they are you when they go off an attack something else.

>Interesting point of view. On a web server where NO ONE has
>shell access, NO ONE can view files not in their tree with FTP,
>and there are NO LINKS to a temporary directory, what makes you
>think it's a horrible security breach to spend 5 or 10 minutes
>with open protection before deleting the directory entirely?
>Can you suggest how an exploit might start if no one knows the
>directory name? Security through obscurity works if obscurity
>can be guaranteed.

It can't be guaranteed.  It's probably remote, true.  But someone could get
access to the web logs, see your cgi script, quickly replace it with
another script, run that via the web server, that sets up another script or
a cron job with your UID, replace your script, and then they can hack away
as you whenever they like.  Happens all the time.


>The bad guys would have to find AND exploit the open directory
>within a matter of a few minutes. That ain't gonna happen.

Happens all the time.  Those bad guys are not sitting there in telnet
sessions looking for cracks.

Granted it's a minor risk, and the worse thing is that all your files might
get deleted, or your user id will be linked to other hacking attempts.

So, If you don't need chmod 777 then don't use it.  The worry is someone
not as smart as you will use that script and have no clue that they are
opening up a security hole.




-- 
Bill Moseley
mailto:moseley@hank.org
Received on Tue Oct 8 17:12:27 2002