Security Basics mailing list archives

Very basic security question:

From: "Ing. Bernardo Lopez" <bloodk () prodigy net mx>
Date: 21 Jan 2003 05:33:41 +0000

How secure could be my webserver if i allow some php scripts to modify
the file (directly) /etc/passwd & /etc/shadow but my script will only
allow to modify the line of the loged user (like userid=visitor, then he
only can see/modify visitor's line)??

It is secure, if i enforce very enougth the security of the script... or
this stills being a stupid option?

Also if i use that script only for modify the permisions of ftp's users
it stills unsecure? (if the ftpd runs whit a very unpriviligiated uid?)

Thanks in advance

Current thread:

RE: Internet Cafe, (continued)
- - RE: Internet Cafe Jason Dixon (Jan 20)
  - Re[2]: Internet Cafe Malte von dem Hagen (Jan 21)
  - Re: Internet Cafe Igor D. Spivak (Jan 21)
- RE: Internet Cafe Stephen A. Santos (Jan 17)
- RE: Internet Cafe DeNoyer, Rick (Jan 17)
- RE: Internet Cafe Ogden, Earl (Jan 17)
- RE: Internet Cafe Paul Baugher (Jan 17)
- RE: Internet Cafe squid (Jan 19)
- RE: Internet Cafe Terry Peterson (Jan 19)
- RE: Internet Cafe Gunn, Jeff (Jan 21)
  - Very basic security question: Ing. Bernardo Lopez (Jan 23)
    - Re: Very basic security question: Diego Figueroa (Jan 24)
    - Re: Very basic security question: Brad Arlt (Jan 24)
    - Message not available
    - Re: Very basic security question: Brad Arlt (Jan 27)
- RE: Internet Cafe Nick Besant (Jan 21)
- RE: Internet Cafe Will Munkara-Kerr (Jan 21)
- Re: Internet Cafe Ricardo Castanho de Oliveira Freitas (Jan 23)
- RE: Re[2]: Internet Cafe Paul Stewart (Jan 23)