Can the sqvm shit up stuff outside the root directory?

EK.IceFlake

  • Hero Member
  • "We are the champions my fellahs" - Sufyan/VK.SuFy
  • Posts: 1,757
Can the sqvm shit up stuff outside the root directory?
« on January 15th, 2017, 12:28 PM »
For example, I have a hosting panel that has its servers in such a way:
./svr-uid/svr/mpsvrrel64
Can, let's say, ./finch-server/svr/mpsvrrel64, running the squirrel plugin, read ./top-secret-stormeus-server/svr/main.nut?

Shadow

  • Beta Tester Emeritus
  • Posts: 176
Re: Can the sqvm shit up stuff outside the root directory?
« Reply #1, on January 15th, 2017, 01:40 PM »
http://squirrel-lang.org/doc/sqstdlib3.pdf page 7.

Code: [Select]
The file object implements a stream on a operating system file. It's contructor imitate the behaviour of
the C runtime function fopen for eg.
local myfile = file("test.xxx","wb+");
creates a file with read/write access in the current directory.

...

I guess it's up to your management then. I'm not a linux-master but I guess it's about how you manage permissions.
Quote
PS:is trash is ur home language??

jWeb

  • Full Member
  • Posts: 145
Re: Can the sqvm shit up stuff outside the root directory?
« Reply #2, on January 15th, 2017, 01:52 PM »Last edited on January 15th, 2017, 01:57 PM
Yes it can. If the user who's running the server has at least read-only permissions to a file then he can access it. He can go and read configuration files from /etc/ directory and if any of those have passwords then he'll be able to view them. He'll be able to read any file where users other than the owner have privileges to read it.

The only way he won't be able to read them is if the folder where the files are residing is accessible only by the owner. And while that would work with other servers so he can't access files from the folder of another server. It won't work on system directories.

It all depends on the privileges of the user under which the server is running.

That's one of the quirks you have to deal with when hosting stuff.