2013/12/24 Reco <recovery...@gmail.com>

>  Hi.
>
> On Tue, 24 Dec 2013 15:40:39 +0100
> Raffaele Morelli <raffaele.more...@gmail.com> wrote:
>
> > 2013/12/24 Reco <recovery...@gmail.com>
> >
> > > On Tue, 24 Dec 2013 14:32:58 +0100
> > > Raffaele Morelli <raffaele.more...@gmail.com> wrote:
> > >
> > > > The main point was that an attacker wrote a PHP script in the OP's
> > > > (WordPress? Joomla?) theme folder and used this script to access the
> > > > sendmail executable (I wonder about the ownership of those
> > > > files/folders: root? www-data?).
> > >
> > > Directory's owner is www-data, according to OP's mail. See:
> > >
> > > http://lists.debian.org/debian-user/2013/12/msg00806.html
> > >
> > > And note that the attacker could rewrite any PHP file there just as well.
> > >
> >
> > So ownership to root does matter?
>
> Which ownership are you talking about?
> Were the directory in question owned by root, the attacker could not
> create their own files.
> Were the PHP files in question owned by root, the attacker could not
> overwrite existing files.
> Now, if there were some PHP script run as root, that would be
> trouble.


The point is that you should use chmod instead.


>
> > > > It's a matter of who is allowed to do what on a dir/file basis.
> > > > Someone should explain why it's safe using root as the owner of php
> > > > scripts instead of an unprivileged user (with no write permission on
> > > > dir/files).
> > >
> > > You have a root account on every OS that counts. And if it does not
> > > have a root account it's a toy OS anyway.
> > >
> >
> > So your policy is to use the root account for every task? Pure Redmond
> > style :-)
>
> No, my policy is to change file and its group to root if I want to
> prevent something writing into it. It's a big difference from running
> everything under root, which is Redmond-style indeed.


chmod is your friend.


>
> > > Using an account other than www-data requires either:
> > >
> > > a) Creating such account.
> > >
> > > b) Using some account that is used to run other daemons in this OS.
> > > And allowing such daemon overwrite php files is a potential security
> > > hole by itself.
> > >
> >
> > and again, does ownership to root matter when the script is running as
> > apache user?
>
> Let me explain my point one more time:
>
> Apache user is unable to write into the file. Whether the file is owned by
> root or a user-created account is irrelevant.
> Apache user is unable to make files in a directory. Whether the
> directory is owned by root or a user-created account is irrelevant.
> One does not have to create root, it's already there.
> One has to create user-created account.
>

Are you kidding? Apache writes and creates everything you want if
directory/file permissions are designed for it and that is what you want.


> > > So, php files owned by root are convenience, nothing more.
> > >
> >
> > ...and it's not what is worth doing to keep things in their
> > place/context.
>
> That's one way of doin' it. Now, to rely on poorly-implemented
> 'security' features of PHP - that's something really not worth doing.


That's absolutely your point of view, a wise and skilled developer does
everything safe, a poor-minded one simply does not.

/r
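
The ownership-versus-mode question argued in this thread can be checked mechanically. The following is an added example, not part of any poster's message: it applies the classic Unix owner/group/other mode check to every path under a web root for a given account. The function names, the sample tree and the uid values are constructed for illustration; ACLs, read-only mounts and immutable flags are assumed absent.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids=frozenset()):
    """Classic Unix mode check: only ONE class applies (owner, else group, else other)."""
    if uid == 0:
        return True                      # root is not restricted by mode bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_paths(root, uid, gids=frozenset()):
    """List paths under root that the given account could modify.

    A writable directory is reported as 'dir/': the account can create, delete
    or replace entries in it even when the files inside are read-only.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if can_write(os.lstat(dirpath), uid, gids):
            hits.append(os.path.relpath(dirpath, root) + "/")
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and can_write(st, uid, gids):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Constructed tree; the audited uid is deliberately not the files' owner."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"theme/index.php": 0o644, "theme/cache.php": 0o666,
                  "uploads/readme.txt": 0o444}
        for rel, mode in layout.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("<?php // constructed sample\n")
            os.chmod(os.path.join(root, rel), mode)
        os.chmod(os.path.join(root, "theme"), 0o755)
        os.chmod(os.path.join(root, "uploads"), 0o777)
        os.chmod(root, 0o755)
        other_uid = os.lstat(root).st_uid + 1000   # hypothetical non-owner account
        return writable_paths(root, other_uid)

if __name__ == "__main__":
    print(demo())
```

The check reports what the mode bits allow at the moment it runs; the owner of a file can always chmod it back to writable, so a read-only file still owned by the web server account is not equivalent to one owned by a different account.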
