as far as I know, that uselib vulnerability has nothing to do with mod_perl. it's a kernel exploit. using a different user wont fix the problem, updating your kernel will. so why not do that?
Enno On Tue, 12 Jul 2005, Terrence Brannon wrote: > Unfortunately, we have been hit by a [2]uselib() privilege elevation > exploit. As a result, our sysadmins have decided that any CGI/mod_perl > process has to run as a specific user instead of as www-data. > > At the moment, the sysadmins see no way to run mod_perl such that the > mod_perl requests can run as a specific user. Unless I can find a way > to have mod_perl processes for each virtual host run as a specific > user, we will have mod_perl shutdown. > _________________________________________________________________ > > The Question > > How can we setup our virtual hosts so that each one runs as a specific > Unix user? > _________________________________________________________________ > > Last updated 12-Jul-2005 21:50:04 GMT > > References > > 1. http://hcoop.net/ > 2. http://packetstorm.rlz.cl/0501-exploits/uselib24.c > > -- > Carter's Compass: I know I'm on the right track when, > by deleting something, I'm adding functionality. > >
