Re: Apache security compromise

To: debian-user@lists.debian.org
Subject: Re: Apache security compromise
From: Vineet Kumar <debian-user@virtual.doorstop.net>
Date: Mon, 8 Jul 2002 11:19:42 -0700
Message-id: <[🔎] 20020708181942.GA343@doorstop.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20020708162758.D1DF87AD59@isis.telemach.net>
References: <[🔎] 20020708162758.D1DF87AD59@isis.telemach.net>

* Rox de Gabba (rok.ruzic@telemach.net) [020708 09:29]:
> [Sun Jul  7 06:26:28 2002] [notice] Apache/1.3.26 (Unix) Debian GNU/Linux 
> PHP/4.1.2 configured -- resuming normal operations
> [Sun Jul  7 06:26:28 2002] [notice] suEXEC mechanism enabled (wrapper: 
> /usr/lib/apache/suexec)
> [Sun Jul  7 06:26:28 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)
> [Sun Jul  7 07:31:05 2002] [error] [client 65.213.188.190] client sent 
> HTTP/1.1
> request without hostname (see RFC2616 section 14.23): /
> 
> This is from my apache.log ... i don't know exactly what they mean, but the 
> suEXEC mechanism enabled line does not sound good. I hope someone knows what 
> it could be, and if it is bad, what can i do to prevent it.

You should start by doing some reading here:

http://httpd.apache.org/docs/suexec.html

(and rest easy.)

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"Computer Science is no more about computers
than astronomy is about telescopes." -E.W. Dijkstra

Attachment: pgpWCRMz92pcy.pgp
Description: PGP signature

Reply to:

References:
- Apache security compromise
  - From: Rox de Gabba <rok.ruzic@telemach.net>

Prev by Date: Re: Text 2 Speech
Next by Date: Re: Text 2 Speech
Previous by thread: Apache security compromise
Next by thread: Re: Apache security compromise
Index(es):
- Date
- Thread