Just a query..
Out of curosity, I just did this (user is eggdrop, does not have
administrator privledges). In a home users folder I just dropped in short
script, and chmod +x 'ed it.
#!/bin/sh
printf "Content-type: text/plain\n\n"
ps aux | grep eggdrop
Apache seems to be configured on the XTR's so any files with a .cgi
extension will execute. This is normal.
BUT:
admin 3512 0.0 0.0 1212 452 ? S 08:20 0:00 grep eggdrop
The .cgi script is running as admin, and not the user?
This is a concern, I'm sure that the boxes could be exploited, i.e. write a
script to read something out the admin home folder, to run a program, etc...
Am I incorrect in this? (Its late, heh).
Ryan Verner
_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
