Well, that's scary... Anyone knows of more secure alternatives? On Thu, 25 Oct 2001, Damon Muller wrote:
> Quoth Alexander Wallace, > > This is more of a linux question... Is there a way to change recursivly > > the mode to directories only? > > > > PHP Nuke requires me to change all files to 666 (chmod -R 666 *) and to > > 777 all direcotories in order to use the file manager... Can this be done > > in a sinle operation? > > You could always just re-enable telnet and remove the password for the > root account... > > Seriously, you really shouldn't do this on a publically accessible > machine. > > PPHNuke has had many security problems reported on BugTraq and lwn.net, > many of which do not seem to be addressed with any great haste. > > Specifically, from last weeks lwn.net > (http://lwn.net/2001/1018/security.php3), > > Login vulnerability in PostNuke. The PostNuke web portal system > (up to version 0.64) has a vulnerability which can allow an > attacker to log into other users' accounts. A fix is included in > the report. It appears that PhpNuke is also vulnerable to this > attack. (We also still have not seen a new PhpNuke release > fixing the severe, widely-exploited vulnerability in version > 5.2.) > > You really should consider checking out something else. > > However, it's your machine. :) > > cheers, > > damon > > -- > Damon Muller :: Department of Criminology :: University of Melbourne > > I am Revenge: sent from the infernal kingdom, > To ease the gnawing vulture of thy mind, > By working wreakful vengeance on thy foes. > -- Titus Andronicus > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >
