"exploiting" the webserver will give you the same "shell" rights as the
process for running the webserver does.
So changing the permission of /bin/bash is trivial.
Security for webservers starts by jailing the webserver. That's a
no-brainer.
Tim Rainier
Information Services, Kalsec, INC
trainier@kalsec.com
Markus Gaugusch
11/08/2005 04:41 PM
To: SuSE-Security
cc:
Subject: [suse-security] Web Server Security
Hi,
Does anyone think that it makes sense to let /bin/bash have the following
permissions?
-rwx---r-x 1 root www 490716 Sep 9 18:12 /bin/bash
With that setting, anyone exploiting the webserver could not execute
/bin/bash (of course the same permissions could also be applied to /bin).
Has anyone ever tried this? Does it break things?
Did I find something cool? ;-)
Markus
--
__________________           /"\
Markus Gaugusch              \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at         X     Against HTML Mail
                             / \
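How the kernel evaluates the listing in the question, as an added example that is not part of either message: exactly one permission class (owner, then group, then other) is applied, so a process in group www is denied execute even though "other" has r-x. The uid/gid numbers and account names in the sample are constructed for illustration.

```python
import stat

# Mode string copied from the listing in the message (owner root, group www).
LISTING_MODE = "-rwx---r-x"

def parse_mode(text):
    """Convert the nine rwx characters of an `ls -l` mode string to mode bits."""
    bits = 0
    for i, ch in enumerate(text[1:10]):
        if ch in "rwx":
            bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError("unsupported mode character: %r" % ch)
    return bits

def may_execute(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Apply POSIX class selection: the first matching class decides, no fall-through."""
    if proc_uid == 0:
        # root may execute a file as soon as any execute bit is set
        return bool(mode & 0o111)
    if proc_uid == file_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid in proc_gids:
        # group matches: the "other" bits are never consulted
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def audit(mode_text, file_uid, file_gid, processes):
    """Return {name: can_execute} for each (name, uid, gids) process identity."""
    mode = parse_mode(mode_text)
    return {name: may_execute(mode, file_uid, file_gid, uid, gids)
            for name, uid, gids in processes}

# Constructed identities: root is uid 0, group www is assumed to be gid 8.
SAMPLE = [
    ("webserver in group www", 30, {8}),
    ("webserver running as nobody", 65534, {65533}),
    ("interactive user", 1000, {100}),
    ("root", 0, {0}),
]

if __name__ == "__main__":
    for name, allowed in audit(LISTING_MODE, 0, 8, SAMPLE).items():
        print("%-30s execute /bin/bash: %s" % (name, "yes" if allowed else "no"))
```

The second sample identity shows what to verify before relying on the setting: the denial only applies if the server process actually runs with www among its groups.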