Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Hi.
On Tue, 24 Dec 2013 09:59:39 +0100
Raffaele Morelli <raffaele.morelli@gmail.com> wrote:
> Yes, I missed this point.
>
> BTW, as I don't want to rewrite someone else system security rules, let's
> say that: MY best practice is to have www-data or any other NON-root user
> as the scripts owner.
So, basically you're allowing any php script to rewrite any php script
with an arbitrary contents. An interesting policy, to say the least.
Reco
Reply to: