
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour



> 
> No, php script *RUN* by root -> full system access
> 
> php script run by www-data -> access to what www-data has access to.
> 
> Owner/Group/Other permissions only affect who has access to the
> file/folder, not the kind of access the file (process) itself has when
> run. Two very different concepts.
> 
> The exceptions being the setuid and setgid bits, as mentioned by others.
> Those set the user ID/group ID of the process, regardless of who runs
> it.  Regular users *can* set those bits, but *can't* chown anything to
> root.  They also can't change permissions (including the setuid/setgid
> bits) unless they're the owner, even if they're in the group and the
> file has 777 permissions.
> 
> paul@Serenity:~$ ls -alh PermTest-*
> -rw-r--r-- 1 paul paul 0 Dec 24 03:32 PermTest-1.sh
> -rwxrwxrwx 1 root paul 0 Dec 24 03:32 PermTest-2.sh
> paul@Serenity:~$ chmod 4644 PermTest-1.sh
> paul@Serenity:~$ chmod 4644 PermTest-2.sh
> chmod: changing permissions of ‘PermTest-2.sh’: Operation not permitted
> paul@Serenity:~$ ls -alh PermTest-*
> -rwSr--r-- 1 paul paul 0 Dec 24 03:32 PermTest-1.sh
> -rwxrwxrwx 1 root paul 0 Dec 24 03:32 PermTest-2.sh
> 
> 
> Executables run with the permissions of the user running it, the file
> permissions on the executable limit/allow *who* may run it.
> 
> 
> - PaulNM

Hi Paul,
I do not intend to hijack this discussion but I think I have got the same 
problem!

First, thank you for your explanation. I am following this discussion and I have 
a similar problem. I made a script, which is calling an application 
(/usr/bin/cpufreq-set) with additional tags.

But I cannot get this script running with root privileges, although I set the 
setuid bit to root on my script and cpufreq-set is set to owner root:root.

As far as I understood your explanations:

When I start my script as a regular user, it will be started with root 
privileges due to setuid root, but the called process (cpufreq-set) will then 
be started with owner of the regular user and its rights? If so, is there a 
way to let both start with root owner and permission by a regular user?

Thanks for any hints. And again, I do not want to hijack this discussion, 
maybe you can just explain it with the case of the original questioner.

Thanks.

Hans
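
An audit sketch for the setuid/setgid behaviour discussed in this thread, added here as an example and not written by either poster. It assumes Linux, where the kernel ignores the setuid/setgid bits on interpreted ("#!") scripts; the function names classify_suid and audit_suid are hypothetical.

```shell
#!/bin/sh
# Added example: list setuid/setgid files and say whether the bit can take effect.
# Assumes Linux semantics: the kernel ignores setuid/setgid on "#!" scripts.

# classify_suid FILE -> prints "<mode> <owner> <verdict> <path>"
classify_suid() {
    f=$1
    # ls -ld prints e.g. "-rwSr--r-- 1 paul paul 0 Dec 24 03:32 PermTest-1.sh"
    info=$(ls -ld -- "$f" | awk '{print $1, $3}')
    mode=$(printf '%s' "${info%% *}" | cut -c1-10)   # drop ACL/SELinux suffix
    owner=${info#* }
    case $mode in
        ???s*|??????s*)
            # Special bit plus execute bit: effective for binaries only.
            if [ "$(head -c 2 2>/dev/null < "$f")" = '#!' ]; then
                verdict=script-bit-ignored
            else
                verdict=binary-runs-as-owner
            fi ;;
        *)
            # Capital "S": bit set without the matching execute bit.
            verdict=inert-no-exec ;;
    esac
    printf '%s %s %s %s\n' "$mode" "$owner" "$verdict" "$f"
}

# audit_suid DIR -> one line per setuid or setgid regular file under DIR
# (paths containing newlines are not handled).
audit_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r path; do
        classify_suid "$path"
    done
}

# Optional command-line use: pass the directory to audit as the first argument.
if [ $# -gt 0 ]; then audit_suid "$1"; fi
```

For a wrapper around a single root-only command such as the cpufreq-set case above, a sudoers entry limited to that one command is the usual alternative to a setuid script.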
 



