Re: Attack using php+apache

To: debian-security@lists.debian.org
Subject: Re: Attack using php+apache
From: Dion Mendel <quietude@iinet.net.au>
Date: Sun, 16 Nov 2003 12:42:30 +0800
Message-id: <[🔎] 20031116044230.GA5729@localhost>
In-reply-to: <[🔎] E1ALENO-0002zK-00@calista.eckenfels.6bone.ka-ip.net>
References: <[🔎] 20031116024448.GA4896@localhost> <[🔎] E1ALENO-0002zK-00@calista.eckenfels.6bone.ka-ip.net>

On Sun, Nov 16, 2003 at 05:19:06AM +0100, Bernd Eckenfels wrote:
> In article <[🔎] 20031116024448.GA4896@localhost> you wrote:
> > So what to do now?  If /tmp was mounted ro, then none of the attacker's
> > tools could run (from this attack anyway)
> 
> Read Only tmp? :) Now that is a funny idea. I can understand to restrict tmp
> to root or to remove it totally, but why would one want to have it read
> only?

Oops, thinko.  I meant noexec, but you probably realised that.

Dion.

-- 
Dion's Maxim:  If you are ever surprised at just how stupid people can be,
               then you haven't understood Dion's Maxim.

Reply to:

Follow-Ups:
- Re: Attack using php+apache
  - From: Bernd Eckenfels <ecki@calista.eckenfels.6bone.ka-ip.net>

References:
- Re: Attack using php+apache
  - From: Dion Mendel <quietude@iinet.net.au>
- Re: Attack using php+apache
  - From: Bernd Eckenfels <ecki@calista.eckenfels.6bone.ka-ip.net>

Prev by Date: Re: Attack using php+apache
Next by Date: Re: Attack using php+apache
Previous by thread: Re: Attack using php+apache
Next by thread: Re: Attack using php+apache
Index(es):
- Date
- Thread