Heya,

Torsten Werner <[EMAIL PROTECTED]> wrote:
>On Sun, Apr 13, 2008 at 11:41 AM, Bas Zoetekouw <[EMAIL PROTECTED]> wrote:
>>  The difference is that _everyone_ on your system can run scripts as
>>  www-data.  Normal users can't run scripts as the postgres user.
> if the postgres user has a .bashrc then everyone can execute it. What
> is the point? BTW postgres was just one example. Just pick another
> random user and you will find files that can be executed by all users.

The difference in this case is that very many things (pick your
favourite web application) run with the www-data uid. While it is hard
to construct a scenario where an attacker gains access to the postgres
user without cracking the whole system, the problems in web applications
are so common that on any webserver, files owned by the www-data user
should be considered as published to the web.

In this case, it is possible to gain access to a system using some
broken script on a host, then change executables of the OTRS user and
thus get access to databases private to the ticket system.

This *is* a security bug. The current setup makes a security bug in
*every* application running as www-data a security bug in OTRS.

Marc
-- 
BOFH #191:
Just type mv * /dev/null.
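An added example, not code from this thread or from the OTRS package: a small POSIX shell audit that lists the files under an application directory which the web-server account could rewrite (owned by it, group-writable and in its group, or world-writable), strips the group/world write bits, and reports anything that still needs a root-side chown to the application's own user. The user and group names default to www-data; the demo tree, the file names in it and the directory path are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from the OTRS package.
# Audit an application directory for files the web-server account can
# modify. Anything writable by www-data is effectively writable by every
# web application on the host, so if another account (here the ticket
# system's user) later executes such a file, a bug in any of those web
# applications escalates into that account.
# Assumptions: POSIX sh, find(1) with -user/-group/-perm, web user and
# group default to www-data.

# Print files under $1 that the web user ($2, group $3) could rewrite:
# owned by that user, group-writable and in its group, or world-writable.
# User/group names that do not exist on this box are skipped instead of
# making find(1) abort, so the check also runs on a scratch system.
audit_writable_by() {
    dir=$1; user=${2:-www-data}; group=${3:-$user}
    set -- "$dir" -type f "(" -perm -0002
    if id -u "$user" >/dev/null 2>&1; then
        set -- "$@" -o -user "$user"
    fi
    if getent group "$group" >/dev/null 2>&1 || grep -q "^$group:" /etc/group 2>/dev/null; then
        set -- "$@" -o "(" -group "$group" -perm -0020 ")"
    fi
    set -- "$@" ")"
    find "$@" | sort
}

# Strip group/world write bits from every flagged file, then re-audit.
# Files actually *owned* by the web user stay flagged: those need a chown
# to the application account, which requires root and is left to the
# administrator. Returns 1 if anything is still writable by the web user.
remove_web_write() {
    dir=$1; user=${2:-www-data}; group=${3:-$user}
    audit_writable_by "$dir" "$user" "$group" | while IFS= read -r f; do
        chmod go-w "$f"
    done
    left=$(audit_writable_by "$dir" "$user" "$group")
    if [ -n "$left" ]; then
        printf 'still writable by %s (chown to the app user as root):\n%s\n' "$user" "$left" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed scratch tree (not a real OTRS install):
#   sh audit_web_writable.sh demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin"
    printf '#!/bin/sh\necho hi\n' > "$tmp/bin/cron_job.sh"   # imagine: run from the app user's crontab
    chmod 0777 "$tmp/bin/cron_job.sh"                        # world-writable: any www-data app can replace it
    printf '#!/bin/sh\necho hi\n' > "$tmp/bin/ok.sh"
    chmod 0755 "$tmp/bin/ok.sh"                              # owner-only write: fine
    echo "flagged before hardening:"; audit_writable_by "$tmp" www-data
    remove_web_write "$tmp" www-data && echo "nothing left writable by www-data"
    rm -rf "$tmp"
fi
```

Run it against the real install directory (for instance the ticket system's home) as root so that `-user www-data` resolves; every path it prints is one a compromised web application could overwrite, and the ones it still lists after `remove_web_write` are owned by www-data outright and must be chowned to the application's own account.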