> On Fri, Mar 31, 2017 at 02:07:54PM +0200, Dominik George wrote: > > That's how w^Hsomeone rooted Dreamhost. > > Are you referring to the 2012 incident, or something more recent? > > I thought the former was an issue with lax filesystem permissions.
(This is getting somewhat OT; if you want to discuss that further, maybe choose private conversation or another mailing list… I only intended to provide a scenario that was not made up.) Something less recent, from late 2010. The thing I described was reported only to the company themselves, who still failed to fix the root issue for several years. After their administrators and CEO (funnily enough, it was his webhosting account that had the vulnerable PHP application I was talking about…) had ignored the issue for more than a year, $someone dropped a note in the Chaos Communication Congress' wiki. What exactly this note was used for and what it was not used for is beyond my knowledge. -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security)
