Date: Thu, 31 Jul 1997 12:24:06 -0600 (MDT) From: Marc Slemko <marcs@znep.com> To: security@FreeBSD.ORG Subject: Re: security hole in FreeBSD Message-ID: <Pine.BSF.3.95.970731122040.27274G-100000@alive.znep.com> In-Reply-To: <Pine.BSF.3.95q.970728154922.12468A-100000@netrail.net>
next in thread | previous in thread | raw e-mail | index | archive | help
(no, it isn't particularily FreeBSD related but at least it is security...) On Mon, 28 Jul 1997, Jonathan A. Zdziarski wrote: > There IS one common hole I've seen apache and stronghold have, and that is More accurately, there is a common hole you have seen people have with their installations. > that some people like to leave their sessiond or httpd files owned by > 'nobody'. This allows somebody running CGI on that system to replace > those binaries with their own, hacked binaries (since the scripts are > usually owned as nobody), and the next time httpd starts, they can make it > write a root shell, or just about anything along those lines. Presuming you start the server as root and have it run as a different user, one other thing to note is to be sure that the directory your log files are in is not writable by anyone you don't trust with root. If someone can write to the directory with the logfile in (or any directory above it), they can almost certainly get root. The log files themself can be writable by whoever you want (although there is no reason for them to be, and it can let people tamper with them); the directory is the thing that is important.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970731122040.27274G-100000>