Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

To: Gilles Mocellin <gilles.mocellin@nuagelibre.org>
Cc: Debian User <debian-user@lists.debian.org>
Subject: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
From: Raffaele Morelli <raffaele.morelli@gmail.com>
Date: Tue, 24 Dec 2013 08:47:17 +0100
Message-id: <[🔎] CAD4guxPGvPMp52sgQASdr6K8-TG77jksTSrh48-Q9BZBXhNHDA@mail.gmail.com>
In-reply-to: <[🔎] 52B87600.2030007@nuagelibre.org>
References: <[🔎] CAKkTUv2hUccoNBJ-UX1E=aqkdT9JSoVddG9mcVxgxQjE3qCzFQ@mail.gmail.com> <[🔎] CAKkTUv1-Z8idHwRYTO9=SAHmRZsFyEHGoDzVm5_3g3Mg-xNbPg@mail.gmail.com> <[🔎] CAKkTUv0p5wvswzRn6+g2w64gc5oE+fVRZtgJsVKmdPPhRyN9qQ@mail.gmail.com> <[🔎] CAD4guxO2TOCk4a78SS9EyhJUz1v-ZCF2njcDOQx5EiEerRObDQ@mail.gmail.com> <[🔎] 52B87600.2030007@nuagelibre.org>

2013/12/23 Gilles Mocellin <gilles.mocellin@nuagelibre.org>

Le 23/12/2013 15:30, Raffaele Morelli a écrit :

2013/12/14 Lukasz Szybalski <szybalski@gmail.com>

[...]

root should not own files served by apache for any reason, that's really "dangerous"!

you should never do that...

Excuse-me, but I think you're wrong.
The only reason I see where a file served by a web server must not be root is if it's suid and the web server has the rights to write to it (by the group membership).

I think you should read man pages on shells and privileges first and what a user can do.

Reply to:

Follow-Ups:
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Reco <recoverym4n@gmail.com>

References:
- Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Lukasz Szybalski <szybalski@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Lukasz Szybalski <szybalski@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Lukasz Szybalski <szybalski@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Gilles Mocellin <gilles.mocellin@nuagelibre.org>

Prev by Date: Re: bumblebee on laptop
Next by Date: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Previous by thread: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Next by thread: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Index(es):
- Date
- Thread