[users@httpd] RE:[users@httpd] how to prevent an executing from /tmp

>Hi
>Will this break file uploads using web forms?
Only if you are using any other METHOD like GET HEAD POST
[for uploads to a specific location you're using normally
PUT] and you want to store this in /tmp.
This is then no longer possible.




Oliver.Schaudt@xxxxxxxxx wrote:
>> Hi!
> 
>> Someone often uploads files to /tmp and then executes them on the server with 
>> webserver user privileges. How to prevent it?
> 
>> Thanks,
>> G.
> 
> One possibility is this:
> 
> <Location /tmp >
>   <Limit GET HEAD POST>
>     Order Deny,Allow
> #    Deny from All
>     Allow from All
>   </Limit>
>   <LimitExcept GET HEAD POST>
>     Order Deny,Allow
>     Deny from all
>     Allow from 127.0.0.1
>   </LimitExcept>
> </Location>
>  
> The only one which can then make e.g. PUT /tmp/badcode.htm is then one from localhost.
> 
> Greets
> 
> Oliver
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
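The access decisions the quoted configuration produces, as an added example that is not part of the original thread: a small Python model of how `Order`/`Deny`/`Allow` rules are evaluated inside `<Limit>` and `<LimitExcept>`. The function names are made up for illustration, the client addresses in use are constructed, and hosts are assumed to be `all` or an IP address/CIDR.

```python
import re
from ipaddress import ip_address, ip_network
# Configuration quoted in the thread (Order/Deny/Allow access rules).
CONFIG = """
<Location /tmp>
  <Limit GET HEAD POST>
    Order Deny,Allow
#    Deny from All
    Allow from All
  </Limit>
  <LimitExcept GET HEAD POST>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
  </LimitExcept>
</Location>
"""

def parse_sections(text):
    # Collect each <Limit>/<LimitExcept> with its Order, Deny and Allow lists.
    sections, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"<(Limit|LimitExcept)\s+([^>]+)>$", line)
        if m:
            cur = {"kind": m.group(1), "methods": set(m.group(2).split()),
                   "order": "deny,allow", "deny": [], "allow": []}
            sections.append(cur)
        elif line.startswith("</Limit"):
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            words = line.lower().split()
            if words[0] == "order":
                cur["order"] = words[1]
            elif words[0] in ("deny", "allow"):
                cur[words[0]] += words[2:]  # hosts after "from"
    return sections

def matches(hosts, ip):
    return any(h == "all" or ip_address(ip) in ip_network(h) for h in hosts)

def allowed(sections, method, ip):
    for s in sections:
        # <Limit> covers the listed methods, <LimitExcept> all the others.
        if (method in s["methods"]) == (s["kind"] == "Limit"):
            denied, permitted = matches(s["deny"], ip), matches(s["allow"], ip)
            if s["order"] == "deny,allow":
                return permitted or not denied  # unmatched requests pass
            return permitted and not denied     # allow,deny: unmatched are refused
    return True  # no section covers the method: no restriction from this block
```

Calling `allowed(parse_sections(CONFIG), "PUT", "203.0.113.5")` returns `False`, while the same request from `127.0.0.1` returns `True`.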