/tmp
Madison Kelly
linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Fri May 26 00:23:45 UTC 2006
Scott C. Ripley wrote:
> hey all,
>
> anyone get hassled by:
> - some web app is able to write to /tmp as nobody
> - able to run file as nobody user (say via perl) even with noexec on the
> partition (because perl simply reads/executes the file in /tmp)
>
> some googling suggests it's going around... with suggestions like:
> - have separate /tmp partition (with noexec option on partition)
> - disable certain PHP functions (via php.ini)
> - (keep all your installed webapps patched/updated/etc.)
> - etc.
>
> still a pain though... if anybody has a sure fire way to fight this... let me
> know?
>
> thanks,
>
> Scott
We just had something like this on a couple of our production servers.
Specifically, some twerp was able to run a command that told wget to
grab some data and establish some telnet connections (or try at least).
These where *BSD machines...
I found that the 'httpd' had a crontab entry set to respawn a service
every minute, too. My boss updated Apache and a couple of other programs
(inc. a webmail app) and that seems to have stemmed the tide.
Madison
PS - If details will help I will talk to my boss tomorrow.
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list