Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Hi.
On Tue, 24 Dec 2013 08:57:36 +0100
Raffaele Morelli <raffaele.morelli@gmail.com> wrote:
> Keep in mind that if a php script is owned by root user and there's a
> security hole in it, an attacker can easily access every block of your file
> system.
Executing root-owned php script by www-data user will give you a process
which is owned by www-data.
Executing root-owned SUID php script by www-data user will give you a
process (surprise!) which is owned by www-data.
You should try it yourself sometimes.
Now, if disks' block devices are owned by www-data too that really can
be a problem. Or if disks' block devices had permissions that allowed
www-data to read from them. Since in stock Debian configuration
there are no such block or char devices - there is no problem.
Reco
Reply to: