
Re: How to Prevent Uploading PERL script into /tmp Directory ??



Ditro - BipinDas wrote:
> Dear  List,
> 
> I had implemented Mod Security 1.9 in a Debian 3 Server. My Apache
> Version is 1.3, and the log says that it's working fine. I had secured my
> /tmp /var/tmp /dev/shm directories. And umounted in /etc/fstab. But
> yesterday, one attacker uploaded a Perl script into my /tmp directory.
> He is continuously uploading scripts to that folder.
> Please let me know what I should do to prevent an intruder from uploading
> Perl/Sh/Chsh scripts into the /tmp directories.
> 
> Thanks in Advance.
> -- 

If you use php for your upload script, make it so the php temp directory
is NOT in your /tmp.

Something like this might help:

php_value session.save_path /path/to/another/tmp

You can also secure all your CGI scripts with a wrapper. Check out this one:

cvs -d :pserver:anonymous@gplhost.com:/var/lib/cvs co sbox

Then you can totally forbid access to /tmp for all the scripts on
your server.

Note that this will NOT prevent any hack with uploads, and you still
need to fix your upload script, but it's still better than the "normal"
situation.

Thomas
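
A defender-side check to go with the exchange above, as an added example that is not part of the original thread: it reports whether /tmp, /var/tmp and /dev/shm carry the noexec, nosuid and nodev mount options and lists files there that begin with a "#!" interpreter line. The function names, the `--audit` switch and the choice of mount options are assumptions; the thread does not say which options were set.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the --audit switch and
# the option list (noexec, nosuid, nodev) are assumptions for illustration.

# Succeeds if mount point $2 carries option $3 in a /proc/mounts-style file $1.
mount_has_option() {
    awk -v mp="$2" -v opt="$3" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == opt) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Print regular files under the given directories that start with "#!".
# noexec does not stop "perl /tmp/x.pl" (the interpreter only reads the file),
# so interpreter scripts are worth listing even on a noexec mount.
find_dropped_scripts() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f 2>/dev/null | while IFS= read -r f; do
            magic=$(head -c 2 "$f" 2>/dev/null | tr -d '\0')
            if [ "$magic" = "#!" ]; then
                printf '%s\n' "$f"
            fi
        done
    done
}

# Report for the three directories named in the question.
audit_tmp_dirs() {
    mounts=${1:-/proc/mounts}
    for d in /tmp /var/tmp /dev/shm; do
        for opt in noexec nosuid nodev; do
            mount_has_option "$mounts" "$d" "$opt" ||
                echo "WARN: $d is not mounted with $opt"
        done
    done
    find_dropped_scripts /tmp /var/tmp /dev/shm
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_tmp_dirs
fi
```

Run it from cron with `--audit` and compare the output between runs; a new path in the list shows which directory the upload script is writing to.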


