Re: Rootkit


Somebody in the thread at some point said:
> On Tuesday 23 October 2007 09:30:01 Andy Green wrote:
> 
>> But it seems to me it's not where the real problems are for servers.
>> The real problems are in PHP or other scripts that accept user input as
>> PHP code or database queries one way or another, and it won't really
>> help since the attacker is running the properly signed stuff.  There's a
>> lot of bad things the attacker can do with PHP commands, shell commands,
>> alias, config files, etc that all run in 'authorized' contexts.
>>
> 
> Maybe I'm taking wrong the point but, this could be avoided by using PHP
> open_basedir, right?

Some things can be avoided by that... I use safe_mode on and
open_basedir, safe_mode_exec_dir and more.  But watching people trying
to hack Tikiwiki was very educational.  One of the things they were after
was to dump the Tikiwiki config file that contained the database
credentials, which they could have done despite the .htaccess in there
from inside the vulnerable PHP.  I guess they would have tried those
credentials on a login, modified the Tikiwiki contents to be spam, dropped
javascript trojans, who knows what.

We are ALL *one* flaw in something away from being cracked, open_basedir
or not.

-Andy
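A small PHP probe, added here and not part of Andy's message or of Tikiwiki, that demonstrates the boundary he describes: open_basedir refuses paths outside the allowed tree but cannot refuse the application's own config file, whatever the .htaccess beside it says. The script location, the local.php file name and the credential values are assumptions made for the demo.

```php
<?php
// Added example, not code from the thread. Run from inside PHP it shows which
// paths an open_basedir restriction blocks and which it cannot. All paths and
// credential values are constructed. Run it from the directory it lives in:
//   php -d open_basedir="$PWD/" probe.php

$config = __DIR__ . '/local.php';   // stand-in for the app's DB-credentials file

if (ini_get('open_basedir') === '') {
    fwrite(STDERR, "open_basedir is not set; nothing is confined.\n");
    exit(1);
}

// Create the stand-in config the way an installer would (placeholder values).
file_put_contents($config, "<?php\n\$db_user = 'app';\n\$db_pass = 'PLACEHOLDER';\n");

// A .htaccess beside it only governs requests that reach the web server;
// a read issued by PHP goes straight to the filesystem and never sees it.
file_put_contents(__DIR__ . '/.htaccess', "Deny from all\n");

function probe(string $path): string
{
    // Under open_basedir, PHP refuses paths outside the allowed list and
    // file_get_contents() returns false (warning suppressed here).
    return @file_get_contents($path) === false ? 'blocked' : 'readable';
}

$checks = [
    'app config (inside open_basedir)'   => $config,
    '/etc/passwd (outside open_basedir)' => '/etc/passwd',
];

foreach ($checks as $label => $path) {
    printf("%-38s %s\n", $label, probe($path));
}

// The config sits in the allowed tree because the application itself must
// read it, so open_basedir cannot protect the credentials it holds; what
// limits the damage is a database account with only the rights the app needs.
```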

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list