On Tuesday 27 September 2005 16:46, System Administrator wrote: > I'm no expert on security, but it seems odd to me that a remote user > could use apache to write to my /tmp directory and then execute the > script. Any idea how this happened? Almost certainly through some server extension, such as a CGI or PHP script. There are two parts: one is writing to /tmp, the other is executing it. To prevent writing to /tmp may be feasible, but is likely to cripple other applications. Running in a chroot jail might just work. You can and should prevent apache writing anywhere else in your filesystem using standard file protections. Some legitimate applications may require write access, for which see below. To prevent execution, you should mount /tmp, and any other directories with write access for Apache, as noexec. This again is a filesystem property. Now go and read Lincoln Stein's WWW security FAQ, followed by Ivan Ristic's book if the FAQ doesn't satisfy you, or if your situation is complex (e.g. if you allow third-party CGI or PHP scripts, or *any* PHP not in "safe mode"). -- Nick Kew --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx