SCO OpenServer & filePro permissions

Bill Campbell bill at celestial.com
Mon Oct 11 17:18:03 PDT 2010


On Mon, Oct 11, 2010, scooter6 at gmail.com wrote:

>So does it matter what I set filepro's password to? I never knew it got
>installed with a password, much less a password that expires??
>Strange......

Users without passwords or with weak passwords that have login shells,
(e.g. /bin/sh, /bin/bash, etc.) are frequently used by crackers to gain
shell access to systems where they can then exploit vulnerabilities to gain
root access.  I probably see a half-dozen of this type of crack every year
where the cracker gained access through poorly designed web tools such as
webmin's usermin, or via php exploits of user's personal web pages in the
$HOME/public_html directories.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

Liberals love to say things like, 'We're just asking everyone to pay
their fair share.' But government is not about asking. It is about telling.
The difference is fundamental. It is the difference between making love and
being raped, between working for a living and being a slave.
    Dr. Thomas Sowell, Forbes, July 1994


More information about the Filepro-list mailing list