Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread Jan Meijer
On Tue, 15 Jun 2004, Ross Tsolakidis wrote: > I'd appreciate some help on how to stop this from happening. Run something like aide so you can detect when it goes wrong (though there are some caveats it does not sound like they will hit you) and run a netflow-collector next to it, if you can. Tha

Re: Kernel Crash Bug????

2004-06-15 Thread Rudy Gevaert
Would it be possible to run that program through e.g. perl/php/... ? A user could ftp the executable and write a php script that executes it. Thanks in advance, Rudy

Re: Kernel Crash Bug????

2004-06-15 Thread Russell Coker
On Tue, 15 Jun 2004 17:24, Rudy Gevaert <[EMAIL PROTECTED]> wrote: > Would it be possible to run that program through e.g. perl/php/... ? > > A user could ftp the executable and write a php script that executes it. Does PHP allow executing arbitrary binaries? If the user can install CGI-BIN scripts t

Re: Kernel Crash Bug????

2004-06-15 Thread Rudy Gevaert
Ignore my message. I didn't read the url given above carefully enough. It mentions what I asked.

Re: Kernel Crash Bug????

2004-06-15 Thread David Ramsden
On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: > On Tue, 15 Jun 2004 17:24, Rudy Gevaert <[EMAIL PROTECTED]> wrote: > > Would it be possible to run that program through e.g. perl/php/... ? > > > > A user could ftp the executable and write a php script that executes it. > > Does PHP al

Re: password managers

2004-06-15 Thread Alberto Gonzalez Iniesta
On Tue, Jun 15, 2004 at 12:46:13AM +0200, Stephan Dietl wrote: > Hello! > > andrew lattis <[EMAIL PROTECTED]> wrote: > > what does everyone else use to keep track of all their passwords? > > Following an article of Martin Joey Schulze in a German magazine I send > a mail with the password encry

Re: may CAN-2004-041[678] affect on woody?

2004-06-15 Thread Hideki Yamane
Hi, "Fri, 11 Jun 2004 20:50:12 +0900", "[EMAIL PROTECTED]" "may CAN-2004-041[678] affect on woody?" >May CAN-2004-0416, CAN-2004-0417 and CAN-2004-0418 not affect >on Debian woody? Or, may anyone works for merging this fix? The answer is "It affects woody" and now DSA 519-1 was shipped.

securing PHP (was: Kernel Crash Bug????)

2004-06-15 Thread Rudy Gevaert
On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: > On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: > > Does PHP allow executing arbitrary binaries? > > > [snip] > > Yes, unless in your php.ini you have something along the lines of: > disable_functions = system,passthr

Re: securing PHP (was: Kernel Crash Bug????)

2004-06-15 Thread Jeroen van Wolffelaar
On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote: > On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: > > On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: > > > > Does PHP allow executing arbitrary binaries? > > > > > [snip] > > > > Yes, unless in your php.i

Re: securing PHP (was: Kernel Crash Bug????)

2004-06-15 Thread David Ramsden
On Tue, Jun 15, 2004 at 11:20:35AM +0200, Jeroen van Wolffelaar wrote: > On Tue, Jun 15, 2004 at 10:35:33AM +0200, Rudy Gevaert wrote: > > On Tue, Jun 15, 2004 at 09:23:33AM +0100, David Ramsden wrote: > > > On Tue, Jun 15, 2004 at 05:52:18PM +1000, Russell Coker wrote: > > > > > > Does PHP allow

Re: securing PHP (was: Kernel Crash Bug????)

2004-06-15 Thread Hideki Yamane
Hi, "Tue, 15 Jun 2004 10:35:33 +0200", "Rudy Gevaert" "securing PHP (was: Kernel Crash Bug)" >Can somebody point me to some documentation about securing PHP? Not documentation but patch for php, "Hardened-PHP". http://www.hardened-php.net/ -- Regards, Hideki Yamane mailto:henric

Re: password managers

2004-06-15 Thread Kenneth Jacker
al> what does everyone else use to keep track of all their passwords? I've used 'tkpasman' for years ... nice! http://www.xs4all.nl/~wbsoft/linux/tkpasman.html -- Prof Kenneth H Jacker [EMAIL PROTECTED] Computer Science Dept www.cs.appstate.edu/~khj Appalachian State Univ Boon

Re: password managers

2004-06-15 Thread Micah Anderson
Try kedpm, it's a Debian package, and has console as well as GUI support and uses the FPM data, really nice. micah On Tue, 15 Jun 2004, Kenneth Jacker wrote: > al> what does everyone else use to keep track of all their passwords? > > I've used 'tkpasman' for years ... nice! > > http://www

Re: password managers

2004-06-15 Thread Kenneth Jacker
micah> Try kedpm, it's a Debian package, and has console as well as micah> GUI support and uses the FPM data, really nice. Thanks for the suggestion! Though I found a web site for 'kedpm': http://kedpm.sourceforge.net/ the following return no Debian packages: http://packages.debian.org

Re: [OT] Spam fights

2004-06-15 Thread Alain Tesio
Here is a list of junk subject patterns in case someone is interested. Alain junkMailPatterns.gz Description: Binary data

Re: Spam fights

2004-06-15 Thread Alain Tesio
Can the mailing list software add an X-Subscribed: yes/no in the mail headers? Then people decide to filter it out or not. Alain

RE: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread Ross Tsolakidis
"Wipe, install, set up chkrootkit and run it often." I've already done that. There was no rootkit. "How does phpnuke compromise apache if apache is set up correctly?" I believe it's some of the modules available and running php with 'safe mode off'. I need to find the vulnerable code on this bo

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread David Ramsden
On Tue, Jun 15, 2004 at 02:32:21PM +1000, Ross Tsolakidis wrote: > "Wipe, install, set up chkrootkit and run it often." > I've already done that. There was no rootkit. > An alternative to chkrootkit is rkhunter - it's a set of scripts. You can find the web address on something like freshmeat.ne

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread TiM
Look at installing mod_security, http://modsecurity.org Install some rules for it to harden your webserver, see if anything is flagged in the security log. Ross Tsolakidis wrote: "Wipe, install, set up chkrootkit and run it often." I've already done that. There was no rootkit. "How does

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread Alvin Oga
hi ya On Wed, 16 Jun 2004, TiM wrote: > > Look at installing mod_security, http://modsecurity.org > > Install some rules for it to harden your webserver, see if anything is > flagged in the security log. other web server testing tools http://www.linux-sec.net/Web/#Testing c ya alvin

Re: password managers

2004-06-15 Thread Russell Coker
On Tue, 15 Jun 2004 18:46, Alberto Gonzalez Iniesta <[EMAIL PROTECTED]> wrote: > Some of the applications I run use kwallet, that seems similar to what > Russell Coker described for OS X. No. kwallet can be ptraced, this allows a hostile program to get access to all its data with ease. Of cou

Re: Hashcash - was re: Spam fights

2004-06-15 Thread Hubert Chan
> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes: Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote: >> It seems that most people here don't like CR systems, and I'd have to >> agree with that consensus. >> >> I'm just wondering what is the general feeling a

Re: Hashcash - was re: Spam fights

2004-06-15 Thread Hubert Chan
> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes: Russell> On Fri, 11 Jun 2004 23:43, [EMAIL PROTECTED] (Rens Houben) wrote: >> Why bother, when said windows machines will have perfectly good >> signatures stored on them somewhere already? Russell> Presumably the signature would be bas