
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

On 12/24/2013 03:00 AM, Raffaele Morelli wrote:
> 
> 2013/12/24 Reco <recoverym4n@gmail.com <mailto:recoverym4n@gmail.com>>
> 
>      Hi.
> 
>     On Tue, 24 Dec 2013 08:47:17 +0100
>     Raffaele Morelli <raffaele.morelli@gmail.com
>     <mailto:raffaele.morelli@gmail.com>> wrote:
> 
>     > I think you should read man pages on shells and privileges first
>     and what a
>     > user can do.
> 
>     Can you elaborate please how exactly serving root-owned file with
>     apache is a bad thing for security?
> 
> 
> php script is owned by root -> full system access

No, php script *RUN* by root -> full system access

php script run by www-data -> access to what www-data has access to.

Owner/Group/Other permissions only affect who has access to the
file/folder, not the kind of access the file (process) itself has when
run. Two very different concepts.

The exceptions being the setuid and setgid bits, as mentioned by others.
Those set the user ID/group ID of the process, regardless of who runs
it.  Regular users *can* set those bits, but *can't* chown anything to
root.  They also can't change permissions (including the setuid/setgid
bits) unless they're the owner, even if they're in the group and the
file has 777 permissions.

paul@Serenity:~$ ls -alh PermTest-*
-rw-r--r-- 1 paul paul 0 Dec 24 03:32 PermTest-1.sh
-rwxrwxrwx 1 root paul 0 Dec 24 03:32 PermTest-2.sh
paul@Serenity:~$ chmod 4644 PermTest-1.sh
paul@Serenity:~$ chmod 4644 PermTest-2.sh
chmod: changing permissions of ‘PermTest-2.sh’: Operation not permitted
paul@Serenity:~$ ls -alh PermTest-*
-rwSr--r-- 1 paul paul 0 Dec 24 03:32 PermTest-1.sh
-rwxrwxrwx 1 root paul 0 Dec 24 03:32 PermTest-2.sh


Executables run with the permissions of the user running them; the file
permissions on the executable limit/allow *who* may run them.


- PaulNM
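An added example, not part of the thread or PaulNM's message, that models the rule above: a process's identity comes from who runs the file, and the file's owner only enters the picture through a setuid/setgid bit on an executable file. The file names and modes mirror the ls output in the message; uid 33 for www-data is an assumption (Debian's conventional value), and the model treats files as native binaries, since Linux ignores setuid on #! scripts.

```python
import os
import stat
import tempfile

def exec_identity(path, caller_uid, caller_gid):
    # (euid, egid) a process gets when caller_uid/caller_gid executes `path`.
    # The file's owner only matters if setuid/setgid is set AND the file is
    # executable; setuid without execute (ls shows a capital 'S') does nothing.
    # Simplification: treats the file as a native binary on a mount without
    # nosuid. Linux ignores setuid on #! scripts such as the thread's .sh files.
    st = os.stat(path)
    executable = bool(st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    euid = st.st_uid if executable and st.st_mode & stat.S_ISUID else caller_uid
    egid = st.st_gid if executable and st.st_mode & stat.S_ISGID else caller_gid
    return euid, egid

def find_setid_files(root):
    # Audit helper: regular files under `root` carrying setuid or setgid,
    # as (path, ls-style mode string, owner uid), sorted by path.
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # don't follow symlinks
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, stat.filemode(st.st_mode), st.st_uid))
    return sorted(hits)

def make_fixture():
    # Constructed sample tree mirroring the thread's ls output. Everything is
    # owned by whoever runs this: a regular user can't chown to root.
    root = tempfile.mkdtemp(prefix="permtest-")
    modes = {"PermTest-1.sh": 0o4644,  # setuid but not executable -> 'S'
             "PermTest-2.sh": 0o777,   # world-writable, no setuid
             "PermTest-3": 0o4755}     # setuid and executable -> 's'
    paths = {}
    for name, mode in modes.items():
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)  # chmod sets the mode exactly, umask not applied
        paths[name] = path
    return root, paths

if __name__ == "__main__":
    root, paths = make_fixture()
    for name, path in paths.items():  # 33 = Debian's www-data uid/gid (assumed)
        print(name, exec_identity(path, 33, 33))
    print(find_setid_files(root))
```

Run as a regular user, PermTest-1.sh and PermTest-2.sh both yield (33, 33): neither the 777 mode nor a setuid bit on a non-executable file changes who the process runs as.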