Ludwig Nussel wrote:
Markus Gaugusch wrote:
Does anyone think, that it makes sense to let have /bin/bash the following permissions? -rwx---r-x 1 root www 490716 Sep 9 18:12 /bin/bash
With that setting, anyone exploiting the webserver could not execute /bin/bash (if course the same permissions could also be applied to /bin).
Has anyone ever tried this? Does it break things? Did I find something cool? ;-)
I like it :-) It's not a real protection though. Especially not against an attacker that spends time to break into your system. It might help as quick workaround in situations where a hole is not fixed yet against script kiddies or worms that cannot adapt to such surprises.
For that, removal of wget(1) is probably more useful. Does YOU work even without wget? Rainer