Re: an actual hacked machine, in a preserved state




On 1/5/2012 9:13 PM, email builder wrote:
>> 1.) Attacker uses apache remote exploit (or other means) to obtain
>> your /etc/shadow file (not a remote shell, just GET the file
>> without that fact being logged);
>
> I don't mean to thread-hijack, but I'm curious, if apache runs as its
> own non-root user and /etc/shadow is root-owned and 0400, then
> how could any exploit of software not running as root ever have
> access to that file??
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos

It's possible if the kernel is vulnerable to a local root exploit, and
the attacker who gained entry to the system via apache was able to use
it and elevate privileges.

-- 
Corey Henderson
http://cormander.com/

