Olaf Bohlen wrote:
> But: no user (except root) should be able to gain access to nobody. so
> this is not a security hole imho.
>
> Also if you run apache-cgi's as user, apache chowns to the owner of the
> cgi before executing it:
>
>

If Apache is run by uid nobody, all accounts on the system will gain access to nobody if:

1. you installed PHP as a module of Apache
2. you configured PHP as default

All you have to do is create a PHP script that executes code, e.g.

    <?php system("/path/to/locate-exploite"); ?>

Put this script in your public_html directory and access this file from your browser. This script will be executed by PHP as uid nobody.

Note: PHP has directives in php.ini to limit the system programs that can be executed by PHP:

    safe_mode_exec_dir = /path/to/exec-dir-allowed
    open_basedir = /path/to/open-dir-allowed

salam,

/*------------------------------------
--Nasir Simbolon // Web application developer //
--3WSI : 3WSI Web Solutions Indonesia
--http://3wsi.com
--*/
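
Added example, not part of the original message: a small php.ini audit for the two directives named in the note above, since safe_mode_exec_dir only takes effect while safe_mode is on. The function names (parse_ini, audit) and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from a real server).
WEAK = """[PHP]
; defaults: nothing restricted
safe_mode = Off
safe_mode_exec_dir =
;open_basedir =
"""
HARDENED = """[PHP]
safe_mode = On
safe_mode_exec_dir = /path/to/exec-dir-allowed
open_basedir = /path/to/open-dir-allowed   ; paths as written in the message
"""
ON = {"1", "on", "yes", "true"}

def parse_ini(text):
    """Return {directive: value} from php.ini-style text; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue                          # blank, comment, section header
        line = re.sub(r"\s+;.*$", "", line)   # drop a trailing comment
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return [(directive, problem)] for the restrictions named in the message."""
    s = parse_ini(text)
    findings = []
    # safe_mode_exec_dir is only honoured while safe_mode is on. safe_mode was
    # removed in PHP 5.4, so this check applies to releases that still have it.
    if s.get("safe_mode", "").lower() not in ON:
        findings.append(("safe_mode", "off, so safe_mode_exec_dir has no effect"))
    elif not s.get("safe_mode_exec_dir"):
        findings.append(("safe_mode_exec_dir", "no directory of allowed programs set"))
    if not s.get("open_basedir"):
        findings.append(("open_basedir", "unset, file access is not confined"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Run it against the php.ini that the Apache module actually loads; per-directory overrides set in the Apache configuration are not covered by this check.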