Re: [suse-security] Web Server Security

From: Rainer Duffner (rainerultra-secure.de)
Date: Wed Nov 09 2005 - 04:02:41 CST


Ludwig Nussel wrote:

>Markus Gaugusch wrote:
>
>
>>Does anyone think that it makes sense to let /bin/bash have the following
>>permissions?
>>-rwx---r-x 1 root www 490716 Sep 9 18:12 /bin/bash
>>
>>With that setting, anyone exploiting the webserver could not execute
>>/bin/bash (of course the same permissions could also be applied to /bin).
>>
>>Has anyone ever tried this? Does it break things?
>>Did I find something cool? ;-)
>>
>>
>
>I like it :-) It's not a real protection though. Especially not
>against an attacker that spends time to break into your system. It
>might help as quick workaround in situations where a hole is not
>fixed yet against script kiddies or worms that cannot adapt to such
>surprises.
>

For that, removal of wget(1) is probably more useful.
Does YOU work even without wget?

Rainer

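
The `-rwx---r-x root www` mode discussed in this thread works because the classic Unix check consults exactly one permission class per access and never falls through from "group" to "other". The following is an added example, not part of the original thread, that models that rule in Python; the uid/gid numbers and the helper names are constructed for illustration, and ACLs and security modules such as AppArmor are not modelled.

```python
import stat

# Constructed sample values: the numeric ids are assumptions, not from the thread.
ROOT_UID, WWW_GID = 0, 8          # owner root, group www as in the ls line
WEB_UID, USER_UID, USERS_GID = 30, 1000, 100
MODE = 0o705                      # -rwx---r-x

def may_execute(mode, file_uid, file_gid, uid, gids):
    """Classic Unix execute check (no ACLs): one class applies, no fall-through."""
    if uid == 0:
        # root still needs at least one execute bit on a regular file
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == file_uid:
        return bool(mode & stat.S_IXUSR)      # owner class only
    if file_gid in gids:
        return bool(mode & stat.S_IXGRP)      # group class only, even if 'other' has x
    return bool(mode & stat.S_IXOTH)          # everyone else

def group_is_denied_only(mode):
    """True when 'other' may execute but the owning group may not."""
    return bool(mode & stat.S_IXOTH) and not (mode & stat.S_IXGRP)

def demo():
    """Evaluate the thread's mode for three constructed processes."""
    return {
        "web server, member of www": may_execute(MODE, ROOT_UID, WWW_GID, WEB_UID, {WWW_GID}),
        "ordinary user, not in www": may_execute(MODE, ROOT_UID, WWW_GID, USER_UID, {USERS_GID}),
        "root": may_execute(MODE, ROOT_UID, WWW_GID, ROOT_UID, {0}),
    }

if __name__ == "__main__":
    print(stat.filemode(stat.S_IFREG | MODE))
    for who, allowed in demo().items():
        print(f"{who}: {'exec allowed' if allowed else 'exec denied'}")
```

The denial depends entirely on the process carrying the `www` group, as a primary or supplementary group, at the time of the access.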