[pmwiki-users] Wiki vandalism via chgrp?
Ian Barton
lists at manor-farm.org
Wed Aug 15 01:56:42 CDT 2007
>
> Is it conceivable that another user on the same system (this being a
> shared host) could have used the chgrp command to gain access to the
> files? Or is chgrp pretty well locked down? Ideas welcome. Thanks!
> --Ben S
>
> _______________________________________________
That would depend on how the shared host was configured. If some twit
had arranged things so that all virtual users shared the same web
account group, so your file permissions looked like:
ben.webgroup
Then it's possible that anyone with a shell account might be able to
overwrite your files. However, that doesn't explain how they changed the
group ownership.
Given the nature of the attack it seems likely that someone has
exploited a security loophole in the ISP's setup. As you say anyone who
had direct ftp/shell access would probably simply delete the files.
Ian.
More information about the pmwiki-users
mailing list