[Tfug] website file ownership problem

Adrian choprboy at dakotacom.net
Tue Apr 3 01:53:22 MST 2007


On Tuesday 03 April 2007 01:17, Paul Scott wrote:
> A website I maintain - http://www.susanartemis.com/ recently it has
> become inaccessible because it's main control file has had it's
> owner/group changed to "root/wheel" and there is no read permission. 
> They are suggesting that I upload a new "script" without security flaws
> but how can I upload/replace a file that their admin now owns?
> 
> The hosting company - 1hourhosting.com claims that the site has been
> hacked because of a security flaw in my code.  It is certainly possible
> that my simple code PHP code might have security flaws but could that
> have allowed a file's ownership to be changed to root?
> 

Well.... if they are running Apache as root then yes! ;)

Of course... if they are doing that, it is simple to replace the errant file. 
Just write/upload a quick PHP to write a new file, or use exec() to run a 
chown/chmod on the file in question. And while your at it, upload a few 
setuid files so you can be root whenever you want!

Otherwise, if your user owns and has RW permission to the root directory of 
your web base, then you should be able to delete it.

Adrian




More information about the tfug mailing list