A folder with more outside access than normal.  The folder is accessible
via users with limited authority (and no access to other parts of the
system).

This is not the best solution, however.  The iSeries FTP server is not
the most robust I have seen.  Many servers allow you to map a user's
root directory, which completely invalidates the ".." exploit.

One of the best I have seen was the IBM PTF download.  First, IBM built
a virtual user.  Then, they virtualized that user's access to just his
home directory and below, such that his "root" was actually the home
directory for that user.  Thus, the ".." exploit would never get out of
his home directory.  Then they copied the files to his folder.  Thus,
everybody got the exact same instructions ("Log on, CD to \ptf, and
download the files"), even though there were tons of folders on the
server.

Joe


> From: rob@xxxxxxxxx
> 
> What's a "sandbox"?
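
The virtual-root idea described in the message above, as an added sketch that is not part of the original post and is not IBM's or the iSeries FTP server's code. The home path `/home/ptfuser001` and both function names are hypothetical; the resolver is purely lexical and assumes no symlinks inside the home directory point outside it.

```python
import posixpath

HOME = "/home/ptfuser001"  # constructed example path, not from the post


def naive_resolve(home, cwd, arg):
    """Weak form: the client path is joined onto the real path and then
    normalized, so enough '..' components climb out of the home directory."""
    return posixpath.normpath(posixpath.join(home, cwd.lstrip("/"), arg))


def virtual_resolve(home, cwd, arg):
    """Virtual-root form: the client only ever sees a path relative to its
    own '/', and '..' at that root is a no-op. Returns (virtual, real)."""
    arg = arg.replace("\\", "/")  # accept "CD \ptf" style input
    # An absolute argument restarts at the virtual root, not the real one.
    parts = [] if arg.startswith("/") else [p for p in cwd.split("/") if p]
    for comp in arg.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:          # already at the virtual root: stay there
                parts.pop()
        else:
            parts.append(comp)
    virtual = "/" + "/".join(parts)
    # parts never contains an absolute component, so join cannot leave home.
    real = posixpath.join(home, *parts)
    return virtual, real


if __name__ == "__main__":
    for cwd, arg in [("/", "\\ptf"), ("/ptf", "../../../etc"), ("/ptf", "/..")]:
        print(f"cwd={cwd!r} arg={arg!r}")
        print("  naive  ->", naive_resolve(HOME, cwd, arg))
        print("  jailed ->", virtual_resolve(HOME, cwd, arg))
```

A production server would additionally resolve symlinks (or enforce the jail at the OS level) before opening the real path, since a lexical check alone does not see where links lead.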



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
