On Tue, 16 Jan 2001, Michael R. Wayne wrote:

> Background:
> We recently had a customer's web site suffer an attempted exploit
> via one of their cgi scripts. The attempted exploit involved
> writing a file into /tmp, then invoking inetd with that file to
> get a root shell on a non-standard port. While the exploit
> failed, they were able to write the file as user nobody and
> invoke inetd. There is not much we can do about that as long
> as we permit customers to use their own cgi scripts, which is
> a requirement with this type of account.

If you are using apache (who isn't?), I highly suggest you look into using suexec. That way bad CGI programming is offloaded to the customer and not to your system.

-gordon