Re: Apache security compromise

To: rok.ruzic@telemach.net, debian-user@lists.debian.org
Subject: Re: Apache security compromise
From: David Wright <ichbin@shadlen.org>
Date: Mon, 08 Jul 2002 12:40:39 -0700
Message-id: <[🔎] 3D29EAB7.1000902@shadlen.org>

The log entries you quote do not indicate any security compromise.suexec is a utility used to all CGI scripts within a user's web space(~/public_html) to execute as the user rather than as the web browser.Such a thing is useful for a web service provider, but I don't find ituseful for small organizations of mostly trusted users. To turn offsuexec, just

  chmod u-s /usr/lib/apache/suexec

Unfortunately, any apache update will re-set the suid bit on thisbinary, and you'll have to repeat this step afterward.

--

To UNSUBSCRIBE, email to debian-user-request@lists.debian.orgwith a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Apache security compromise
  - From: martin f krafft <madduck@debian.org>
- Re: Apache security compromise
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: ncftp v. ncftp2
Next by Date: Re: Apache security compromise
Previous by thread: Re: Apache security compromise
Next by thread: Re: Apache security compromise
Index(es):
- Date
- Thread