* Joe <[EMAIL PROTECTED]> [2008-10-06 19:20:27 CEST]: > How can there be any way? If you allow users to upload executable > scripts, you might as well give them ssh access and be done with it. You > must enforce file create permissions on the upload system (ftp or > whatever) which do not include 'execute' for any user or group.
Please don't give such bad advices - creating files without execute permissions doesn't mean that they can't get executed. #v+ $> echo "echo hello world" > test.sh $> chmod -x test.sh $> /bin/sh test.sh hello world $> mkdir test $> cd test $> cp /bin/ls . $> chmod -x ls $> /lib/ld-2.7.so ./ls -a . .. ls $> #v- > Commercial web servers which offer scripting *do* normally also offer > ssh access, but what the user has access to is only a virtual machine, > not shared with anyone else. Chroot is nowhere near enough. chroot is though far closer than advicing to forcing non-execute permissions on the user files, and escaping from a chroot far more challenging. So long. :) Rhonda -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
