> Unfortunately, we have been hit by a [2]uselib() privilege elevation
> exploit. As a result, our sysadmins have decided that any CGI/mod_perl
> process has to run as a specific user instead of as www-data.
I'll admit to not being the best SA or security-minded guy around, so maybe this is obvious to everyone but me. Nevertheless... I've read through the exploit, but I don't follow how changing from one (single) user to other (multiple) users helps protect against that exploit. Maybe there is some way to trace which specific user ended up doing improper root-ish things? I guess that's a reason, though it's not protection. So, for the betterment of all, what am I missing?

--Geoff