/tmp

[Madison Kelly]

Scott C. Ripley wrote:
> hey all,
> 
> anyone get hassled by:
>   - some web app is able to write to /tmp as nobody
>   - able to run file as nobody user (say via perl) even with noexec on the
>     partition  (because perl simply reads/executes the file in /tmp)
> 
> some googling suggests it's going around... with suggestions like:
>   - have separate /tmp partition  (with noexec option on partition)
>   - disable certain PHP functions (via php.ini)
>   - (keep all your installed webapps patched/updated/etc.)
>   - etc.
> 
> still a pain though... if anybody has a sure fire way to fight this... let me 
> know?
> 
> thanks,
> 
> Scott

We just had something like this on a couple of our production servers. 
Specifically, some twerp was able to run a command that told wget to 
grab some data and establish some telnet connections (or try at least). 
These where *BSD machines...

I found that the 'httpd' had a crontab entry set to respawn a service 
every minute, too. My boss updated Apache and a couple of other programs 
(inc. a webmail app) and that seems to have stemmed the tide.

Madison

PS - If details will help I will talk to my boss tomorrow.
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml