
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour



 Hi.

On Tue, 24 Dec 2013 08:57:36 +0100
Raffaele Morelli <raffaele.morelli@gmail.com> wrote:

> Keep in mind that if a php script is owned by root user and there's a
> security hole in it, an attacker can easily access every block of your file
> system.

Executing a root-owned php script by the www-data user will give you a process
which is owned by www-data.
Executing a root-owned SUID php script by the www-data user will give you a
process (surprise!) which is owned by www-data.

You should try it yourself sometime.

Now, if the disks' block devices are owned by www-data too, that really can
be a problem. Or if the disks' block devices had permissions that allowed
www-data to read from them. Since in the stock Debian configuration
there are no such block or char devices - there is no problem.

Reco
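
An added example, not part of the original message: a shell check for the condition described above, listing block devices that a given account could open for reading. The function names are hypothetical, GNU `stat` is assumed, and only the classic owner/group/other mode bits are evaluated (ACLs and capabilities are ignored).

```shell
#!/bin/sh
# Added example: flag block devices an account could open for reading.
# Judged by owner/group/other mode bits only (no ACLs, no capabilities).

# can_read MODE OWNER_UID OWNER_GID USER_UID "USER_GID ..."
# MODE is octal as printed by GNU `stat -c %a`. Returns 0 when read is allowed.
can_read() {
    c_perm=$((0$1))                      # leading 0 = octal in sh arithmetic
    if [ "$4" -eq 0 ]; then return 0; fi # root bypasses mode bits
    # Exactly one class applies: owner first, then group, then other.
    if [ "$4" -eq "$2" ]; then
        [ $((c_perm & 0400)) -ne 0 ]
        return
    fi
    for c_gid in $5; do
        if [ "$c_gid" -eq "$3" ]; then
            [ $((c_perm & 0040)) -ne 0 ]
            return
        fi
    done
    [ $((c_perm & 0004)) -ne 0 ]
}

# audit_block_devices USER [DIR]  (DIR defaults to /dev)
# Prints one line per block device that USER could read.
audit_block_devices() {
    a_uid=$(id -u "$1") || return 2
    a_gids=$(id -G "$1") || return 2
    find "${2:-/dev}" -type b -exec stat -c '%a %u %g %n' {} + 2>/dev/null |
    while read -r a_mode a_ouid a_ogid a_name; do
        if can_read "$a_mode" "$a_ouid" "$a_ogid" "$a_uid" "$a_gids"; then
            echo "READABLE by $1: $a_name (mode $a_mode, owner $a_ouid:$a_ogid)"
        fi
    done
}

# Run the audit only when an account name is given, e.g.: sh audit.sh www-data
if [ "$#" -gt 0 ]; then
    audit_block_devices "$@"
fi
```

No output means no block device under the directory is readable by that account through mode bits.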

