[dcc2] MultiFile Transfer Headers
codemstr at ptdprolog.net
Thu Apr 29 23:46:49 EDT 2004
> Additionally, if it's not done right, I think it could lead to security
> issues. (mark a file executable, call it bash, or whatever, and send to a
> unix user. If they are ignorant (and let's admit, there are lots of "newbie"
> linux users out there) it could be easier to backdoor. Sure, some social
> engineering is required, but still, I mean, what's the benefit of specifying
> permissions? none that I can really see.
Thinking about it a bit more, I see other security issues. I have a machine
that only I have access to. And on my machine, I store everything as 777. I
go to send you passwordlist.txt. My client says "permissions: 777". So your
client sets that after receiving the file. Well now, for me it was no big
deal, I'm the only one who uses my system, 777, 770, and 700 all work the
same on my system. You, however, were logged in through a shell account.
There are dozens of users on the system. And now, every one of them has
access to the password list.
-- codemastr
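
Added example, not part of the original post and not DCC2 project code: one way a receiving client could treat the advertised permissions in both scenarios above (the executable file in the quoted text and the 777 password list), so that the receiver's own policy always wins. The function names, the default umask of 077 and the decision to strip execute and setuid/setgid/sticky bits are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed policy: never honour execute or setuid/setgid/sticky bits from a sender.
STRIP_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX | 0o111


def effective_mode(advertised_mode: int, receiver_umask: int) -> int:
    """Clamp a sender-advertised mode to what the receiver's policy allows."""
    mode = advertised_mode & 0o7777   # ignore anything outside the permission bits
    mode &= ~STRIP_BITS               # no exec, setuid, setgid or sticky
    mode &= ~receiver_umask           # the receiver's umask always wins
    return mode | 0o600               # owner can always read/write the download


def receive_file(directory: str, name: str, data: bytes,
                 advertised_mode: int, receiver_umask: int = 0o077) -> str:
    """Write a received file privately, then apply the clamped mode."""
    # basename() drops any path components the sender put in the file name.
    path = os.path.join(directory, os.path.basename(name))
    # O_EXCL refuses to overwrite an existing file; creating with 0o600 means
    # the content is never readable by other users, even while being written.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
        os.fchmod(f.fileno(), effective_mode(advertised_mode, receiver_umask))
    return path


def demo() -> int:
    """Constructed scenario from the post: sender advertises 777 for a password list."""
    with tempfile.TemporaryDirectory() as d:
        p = receive_file(d, "passwordlist.txt", b"constructed sample data\n", 0o777)
        return stat.S_IMODE(os.stat(p).st_mode)


if __name__ == "__main__":
    print(oct(demo()))
```
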