2013/12/24 PaulNM <deb...@paulscrap.com>

> On 12/24/2013 04:37 AM, Reco wrote:
> > Hi.
> >
> > On Tue, 24 Dec 2013 09:59:39 +0100
> > Raffaele Morelli <raffaele.more...@gmail.com> wrote:
> >> Yes, I missed this point.
> >>
> >> BTW, as I don't want to rewrite someone else's system security rules, let's
> >> say that: MY best practice is to have www-data or any other NON-root user
> >> as the scripts owner.
> >
> > So, basically you're allowing any php script to rewrite any php script
> > with arbitrary contents. An interesting policy, to say the least.
> >
> > Reco
> >
>
> I'll say this much, there's nothing wrong with setting a non-root user
> as owner, provided www-data (or whoever apache/php runs as) can't write
> to the file(s). I've seen and done it before.
>
> While a good discussion can be had about root vs alt-user ownership,
> let's not lose sight of the main point here: Don't let the process
> *serving* the files have *write* access to them unless absolutely
> necessary.
>
The main point was that an attacker wrote a php script in the OP (wordpress? joomla?) theme folder and used this script to access the sendmail executable (I wonder about those files'/folders' ownership, root? www-data?).

It's a matter of who is allowed to do what on a dir/file basis.

Someone should explain why it's safe using root as the owner of php scripts instead of an unprivileged user (with no write permission on dir/files).

Shared host and CMS security tips at https://drupal.org/node/244924

/r
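Added example, not part of the thread: one way to audit a document root for the condition discussed above, listing every file and directory the serving account can modify, either because it owns the inode or because the group/other write bits allow it. The default path `/var/www`, the function names and the constructed layout in `demo()` are assumptions; only mode bits are examined, so POSIX ACLs are not covered.

```python
import os
import stat
import tempfile

def write_path(st, uid, gids):
    """Return why uid/gids can modify this inode, or None if they cannot."""
    if st.st_uid == uid:
        return "owner"  # even at mode 0444 the owner can chmod write access back
    if st.st_gid in gids:
        return "group-writable" if st.st_mode & stat.S_IWGRP else None
    return "world-writable" if st.st_mode & stat.S_IWOTH else None

def audit_docroot(root, uid, gids):
    """List (relative path, reason) for everything under root the account can modify.

    Directories count: write access to one lets the process drop or replace
    scripts in it even when every existing file is read-only.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            reason = write_path(st, uid, gids)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

def demo():
    """Constructed layout: read-only script, theme folder left world-writable."""
    with tempfile.TemporaryDirectory() as root:
        index = os.path.join(root, "index.php")
        theme = os.path.join(root, "themes")
        open(index, "w").close()
        os.mkdir(theme)
        os.chmod(index, 0o644)
        os.chmod(theme, 0o777)
        os.chmod(root, 0o755)
        # Hypothetical server account: a uid that owns nothing here, no shared groups.
        server_uid = os.lstat(root).st_uid + 1
        return audit_docroot(root, server_uid, set())

if __name__ == "__main__":
    import grp, pwd, sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www"  # assumed default docroot
    user = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "www-data")
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall() if user.pw_name in g.gr_mem}
    for path, reason in audit_docroot(root, user.pw_uid, gids):
        print(f"{reason:15} {path}")
```

An empty result means the serving account has no mode-bit write path into the tree; any "owner" line is the case Reco objects to, and any writable directory is where a dropped script like the one in the theme folder could land.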