Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: [suse-security] perl script drop
  • From: "petry" <petry@xxxxxxxxxxxxx>
  • Date: Mon, 12 May 2003 13:38:45 +0200
  • Message-id: <sebfa403.011@fs_hell>
Only a small hint for the /tmp-partition: mount it as follows in /etc/fstab

/dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec

with the noexec-parameter so no one is able to execute a created script from that directory

Greetings
olaf

>>> "Gerhard Stegmann" <gerhard.stegmann@xxxxxxxxxxx> 12.05.2003 13:12 >>>
hi there
i have 2.4.20 with apache 1.3.26 and mod_php 4.2.2

somehow it was possible for a guy, to drop a file /tmp/.ps on the machine, and to start perl on that file

#>ps ax

1234 perl /tmp/.ps

the file was created under wwwrun.www - ownership, which tells me that apache created it.
the script just listens for incoming connections on p 4098, and opens a shell if the correct password is entered.



< Previous Next >
Follow Ups