"exploiting" the webserver will give you the same "shell" rights as the process for running the webserver does.
So changing the permission of /bin/bash is trivial.

Security for webservers starts by jailing the webserver. That's a no-brainer.

Tim Rainier
Information Services, Kalsec, INC
trainier@kalsec.com

Markus Gaugusch <markus@gaugusch.at>
11/08/2005 04:41 PM

To: SuSE-Security <suse-security@suse.com>
cc:
Subject: [suse-security] Web Server Security

Hi,

Does anyone think that it makes sense to let /bin/bash have the following permissions?

-rwx---r-x 1 root www 490716 Sep 9 18:12 /bin/bash

With that setting, anyone exploiting the webserver could not execute /bin/bash (of course the same permissions could also be applied to /bin).
Has anyone ever tried this? Does it break things? Did I find something cool? ;-)

Markus

--
__________________      /"\
Markus Gaugusch         \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at    X     Against HTML Mail
                        / \
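
Added example, not part of either message in this thread: a small model of how the kernel's classic owner/group/other check treats the mode string quoted above, showing that a process in group www is judged by the empty group bits and never falls through to the r-x "other" bits. The uid and gid numbers are constructed for illustration; ACLs, capabilities and security modules are not modelled.

```python
import stat

# Constructed ids for illustration only; real values come from /etc/passwd and /etc/group.
ROOT_UID, WWW_GID = 0, 8
WEB_UID, USER_UID, USERS_GID = 30, 1000, 100


def parse_mode(ls_string):
    """Convert a plain ls-style string such as '-rwx---r-x' to permission bits."""
    perms = ls_string[1:10]
    if len(perms) != 9 or any(c not in "rwx-" for c in perms):
        raise ValueError("only plain rwx permission strings are handled")
    bits = 0
    for i, ch in enumerate(perms):
        if ch != "-":
            bits |= 1 << (8 - i)
    return bits


def applicable_class(uid, gids, file_uid, file_gid):
    """Pick exactly one permission class; the first match wins, with no fall-through."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def may_execute(mode, uid, gids, file_uid, file_gid):
    """Return True if the process would pass the execute permission check."""
    if uid == ROOT_UID:
        # root may execute a file as long as any execute bit is set
        return bool(mode & 0o111)
    cls = applicable_class(uid, gids, file_uid, file_gid)
    mask = {"owner": stat.S_IXUSR, "group": stat.S_IXGRP, "other": stat.S_IXOTH}[cls]
    return bool(mode & mask)


# The listing from the message: -rwx---r-x root www /bin/bash
BASH_MODE = parse_mode("-rwx---r-x")

if __name__ == "__main__":
    print("mode:", oct(BASH_MODE))
    for name, uid, gids in [("webserver", WEB_UID, {WWW_GID}),
                            ("ordinary user", USER_UID, {USERS_GID}),
                            ("root", ROOT_UID, {0})]:
        cls = applicable_class(uid, gids, ROOT_UID, WWW_GID)
        print(name, cls, may_execute(BASH_MODE, uid, gids, ROOT_UID, WWW_GID))
```

The result depends on the web server process actually carrying group www as its primary or a supplementary group; a process outside that group is evaluated against the "other" bits.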