Re: Apache Vulnerability in WebTen

To:

Subject:

From:

Date:

Mon, 24 Jun 2002 14:48:51 -0700 (PDT)

On Mon, 24 Jun 2002, Robert Brandtjen wrote:

> On Monday 24 June 2002 04:25 pm, you wrote:
> > It's not a matter of whether or not WebTen has certain "commands"
> > available.  It would be certainly possible for a hacker to "install"
> > certain commands on a victimized system in the /tmp directory (to which
> > all users have access), and run them.  Since any installed command could
> > only be run by user nobody, damage would be limited.
>
> hehe, not likely, unless you mean some perl scripts, see, binaries for unix
> wont run on just any old unix machine, they have to be compiled for that
> particular distro - and last I checked, webten had no such app as GCC
> installed with it to compile apps. a Mac will not let you run apps from just
> anywhere, it has no concept of root. installing a program on a mac would
> require the installation of an applescript which would then know to install
> what where.

You're forgetting about MachTen! ;)

Erik.

-- 
Erik Lotspeich                          Lead Engineer
Tenon Intersystems                      erik@xxxxxxxxx
1123 Chapala Street Ste 200             805-963-6983
Santa Barbara, CA 93101-3142            http://www.tenon.com/

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Apache Vulnerability in WebTen, Erik Lotspeich
Next by Date:	Re: Apache Vulnerability in WebTen, Robert Brandtjen
Previous by Thread:	Re: Apache Vulnerability in WebTen, Robert Brandtjen
Next by Thread:	Re: Apache Vulnerability in WebTen, Robert Brandtjen
Indexes:	[Date] [Thread] [Top] [All Lists]