Date: Mon, 28 Jul 1997 15:00:57 -0600 (MDT)
From: Nate Williams <nate@mt.sri.com>
To: "Jonathan A. Zdziarski" <jonz@netrail.net>
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Vincent Poy <vince@mail.mcestate.com>, Tomasz Dudziak <loco@onyks.wszib.poznan.pl>, security@freebsd.org, "[Mario1-]" <mario1@primenet.com>, JbHunt <johnnyu@accessus.net>
Subject: Re: security hole in FreeBSD
Message-ID: <199707282100.PAA07719@rocky.mt.sri.com>
In-Reply-To: <Pine.BSF.3.95q.970728154922.12468A-100000@netrail.net>
References: <Pine.BSF.3.95q.970728142652.3342F-100000@cyrus.watson.org> <Pine.BSF.3.95q.970728154922.12468A-100000@netrail.net>

> There IS one common hole I've seen apache and stronghold have, and that is
> that some people like to leave their sessiond or httpd files owned by
> 'nobody'. This allows somebody running CGI on that system to replace
> those binaries with their own, hacked binaries (since the scripts are
> usually owned as nobody), and the next time httpd starts, they can make it
> write a root shell, or just about anything along those lines.

If it's running as 'nobody', it can't create a root shell. It can
create a 'nobody' shell though...

Nate
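
An added example, not part of the original message or thread: a check an administrator could run to confirm that the account CGI scripts run under cannot replace the server's files, covering the file itself and every directory above it. The function name and the SERVICE_USER environment variable are assumptions made for this sketch; file paths are passed on the command line.

```python
import os
import pwd
import stat
import sys

def replaceable_by(path, uid, gids=(), root="/"):
    """List (path, reason) pairs showing how `uid` could swap out `path`."""
    findings = []
    current, root = os.path.realpath(path), os.path.realpath(root)
    while True:
        st = os.stat(current)
        is_dir = stat.S_ISDIR(st.st_mode)
        # Unix picks one permission class: group bits if a group matches,
        # otherwise the "other" bits (the owner case is handled below).
        if st.st_gid in gids:
            writable = bool(st.st_mode & stat.S_IWGRP)
        else:
            writable = bool(st.st_mode & stat.S_IWOTH)
        if st.st_uid == uid:
            # An owner can always chmod the entry back to writable.
            findings.append((current, "owned by service account"))
        elif writable and not (is_dir and st.st_mode & stat.S_ISVTX):
            # Sticky directories only let a user remove entries they own,
            # and an owned entry is already reported by the branch above.
            findings.append((current, "writable by service account"))
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return findings
        current = parent

if __name__ == "__main__":
    # Usage: script.py <server binary or config file>...
    # SERVICE_USER is a name chosen for this sketch; it defaults to 'nobody',
    # the account discussed in the thread.
    account = pwd.getpwnam(os.environ.get("SERVICE_USER", "nobody"))
    groups = os.getgrouplist(account.pw_name, account.pw_gid)
    status = 0
    for target in sys.argv[1:]:
        for where, why in replaceable_by(target, account.pw_uid, groups):
            print(f"{target}: {where} is {why}")
            status = 1
    sys.exit(status)
```

A non-zero exit status means at least one path could be overwritten or swapped by that account.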