Date: Mon, 28 Jul 1997 14:44:14 -0700 (PDT) From: Vincent Poy <vince@mail.MCESTATE.COM> To: "[Mario1-]" <Mario1@PrimeNet.Com> Cc: JbHunt <johnnyu@accessus.net>, Robert Watson <robert+freebsd@cyrus.watson.org>, Tomasz Dudziak <loco@onyks.wszib.poznan.pl>, security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <Pine.BSF.3.95.970728144205.3844C-100000@mail.MCESTATE.COM> In-Reply-To: <Pine.WNT.3.96.970728125836.-168391A-100000@frontera>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jul 1997, [Mario1-] wrote: =)On Mon, 28 Jul 1997, Jonathan A. Zdziarski wrote: =) =): There IS one common hole I've seen apache and stronghold have, and that is =): that some people like to leave their sessiond or httpd files owned by =): 'nobody'. This allows somebody running CGI on that system to replace =): those binaries with their own, hacked binaries (since the scripts are =): usually owned as nobody), and the next time httpd starts, they can make it =): write a root shell, or just about anything along those lines. =) =)Now THIS is interesting. I was thinking about this a little while ago. =)Didn't it seem like 'nobody' had an awful lot of processes running =)last night? Yes, it did but they were all httpd and I understand apache httpd has fixed this security hole a long time ago since we are using the new version of apache. Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970728144205.3844C-100000>