[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: hardening checkpoints

On Thu, Dec 15, 2005 at 05:20:19PM +0000, kevin bailey wrote:
> > get DDOSed in retaliation (I am guessing really). Anyways on a
> > multi-user web server it difficult to track down the vulnerable cgi
> > unless you run the cgi's as the account owner (as apposed to all running
> > as www-data), and the conversion to suexec or cgiwrap is nontrivial
> good point - i installed cg-wrap before and found it was ok to install on
> debian.  this should be there as a matter of course.

Make sure you install the latest version (3.9-3.1) since it removes some
security exposures that were in previous versions (not critical, that's why
there's no DSA). Backporting it to stable should be straightforward.



Attachment: signature.asc
Description: Digital signature

Reply to: