Re: [ot] Chmods for phpNuke...
Well, that's scary... Anyone knows of more secure alternatives?
On Thu, 25 Oct 2001, Damon Muller wrote:
> Quoth Alexander Wallace,
> > This is more of a linux question... Is there a way to change recursivly
> > the mode to directories only?
> >
> > PHP Nuke requires me to change all files to 666 (chmod -R 666 *) and to
> > 777 all direcotories in order to use the file manager... Can this be done
> > in a sinle operation?
>
> You could always just re-enable telnet and remove the password for the
> root account...
>
> Seriously, you really shouldn't do this on a publically accessible
> machine.
>
> PPHNuke has had many security problems reported on BugTraq and lwn.net,
> many of which do not seem to be addressed with any great haste.
>
> Specifically, from last weeks lwn.net (http://lwn.net/2001/1018/security.php3),
>
> Login vulnerability in PostNuke. The PostNuke web portal system
> (up to version 0.64) has a vulnerability which can allow an
> attacker to log into other users' accounts. A fix is included in
> the report. It appears that PhpNuke is also vulnerable to this
> attack. (We also still have not seen a new PhpNuke release
> fixing the severe, widely-exploited vulnerability in version
> 5.2.)
>
> You really should consider checking out something else.
>
> However, it's your machine. :)
>
> cheers,
>
> damon
>
> --
> Damon Muller :: Department of Criminology :: University of Melbourne
>
> I am Revenge: sent from the infernal kingdom,
> To ease the gnawing vulture of thy mind,
> By working wreakful vengeance on thy foes.
> -- Titus Andronicus
>
>
> --
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to: