Re: [cobalt-security] Security issue regarding Sites Backups
- Subject: Re: [cobalt-security] Security issue regarding Sites Backups
- From: Ted Behling <TBehling@xxxxxxxxxxxxx>
- Date: Sat, 01 Sep 2001 14:36:59 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
At 10:28 AM 8/28/01 +0200, Davide Crudo wrote:
>I'm new to the list, so I have no idea if this has been
>handled before:
>
>I've noticed that it is possible for a user to restore a website
>which does not belong to him/her just with his user
>permissions...
I wondered about this when I first got my RaQ. I actually started
analyzing the Perl source code the other day, but didn't get too far into
it. Have you actually restored a Web site you didn't own, or is this just
theoretical? Maybe I'll reverse-engineer the .raq format (I think it's
just a tarball, like a .pkg) and see if I can "restore" an arbitrary file
(/etc/shadow and /etc/passwd, maybe...).
--------------------------------------------------------------------------
Ted Behling, Web Application Developer - Monarch Information Systems, Inc.
43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894 Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.MonarchIS.net
--------------------------------------------------------------------------