Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour

To: debian-user@lists.debian.org
Subject: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
From: Reco <recoverym4n@gmail.com>
Date: Tue, 24 Dec 2013 13:37:52 +0400
Message-id: <[🔎] 20131224133752.9a8f118c07350cc0bf75659b@gmail.com>
In-reply-to: <[🔎] CAD4guxPuro2-6deZG26P+s6dDDUzB4NhQnrCLjzjGoZFo_1PDw@mail.gmail.com>
References: <[🔎] CAKkTUv2hUccoNBJ-UX1E=aqkdT9JSoVddG9mcVxgxQjE3qCzFQ@mail.gmail.com> <[🔎] CAKkTUv1-Z8idHwRYTO9=SAHmRZsFyEHGoDzVm5_3g3Mg-xNbPg@mail.gmail.com> <[🔎] CAKkTUv0p5wvswzRn6+g2w64gc5oE+fVRZtgJsVKmdPPhRyN9qQ@mail.gmail.com> <[🔎] CAD4guxO2TOCk4a78SS9EyhJUz1v-ZCF2njcDOQx5EiEerRObDQ@mail.gmail.com> <[🔎] 52B87600.2030007@nuagelibre.org> <[🔎] CAD4guxPGvPMp52sgQASdr6K8-TG77jksTSrh48-Q9BZBXhNHDA@mail.gmail.com> <[🔎] 20131224115409.10889818aead08a56e8f34e7@gmail.com> <[🔎] CAD4guxNbOBgFqXPofcJHg0W9Swfv4r_7hGJN-iTxr-FLJu-eyQ@mail.gmail.com> <[🔎] 52B948F5.7030204@paulscrap.com> <[🔎] CAD4guxPuro2-6deZG26P+s6dDDUzB4NhQnrCLjzjGoZFo_1PDw@mail.gmail.com>

 Hi.

On Tue, 24 Dec 2013 09:59:39 +0100
Raffaele Morelli <raffaele.morelli@gmail.com> wrote:
> Yes, I missed this point.
> 
> BTW, as I don't want to rewrite someone else system security rules, let's
> say that: MY best practice is to have www-data or any other NON-root user
> as the scripts owner.

So, basically you're allowing any php script to rewrite any php script
with an arbitrary contents. An interesting policy, to say the least.

Reco

Reply to:

Follow-Ups:
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: PaulNM <debian@paulscrap.com>

References:
- Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Lukasz Szybalski <szybalski@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Lukasz Szybalski <szybalski@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Lukasz Szybalski <szybalski@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Gilles Mocellin <gilles.mocellin@nuagelibre.org>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Reco <recoverym4n@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: PaulNM <debian@paulscrap.com>
- Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
  - From: Raffaele Morelli <raffaele.morelli@gmail.com>

Prev by Date: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Next by Date: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Previous by thread: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Next by thread: Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Index(es):
- Date
- Thread