httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Georgy Goshin" <go...@inbox.ee>
Subject Re: [users@httpd] how to prevent an executing from /tmp
Date Sat, 03 Jun 2006 10:36:50 GMT
Immidiatley after restart someone donwloads to /tmp file sysinitrd, how do I 
know wich virtualhost do this?


[Sat Jun 03 13:30:25 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:25 2006] [notice] LDAP: SSL support unavailable
[Sat Jun 03 13:30:25 2006] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Sat Jun 03 13:30:26 2006] [notice] Digest: generating secret for digest 
authentication ...
[Sat Jun 03 13:30:26 2006] [notice] Digest: done
[Sat Jun 03 13:30:26 2006] [notice] LDAP: Built with OpenLDAP LDAP SDK
[Sat Jun 03 13:30:26 2006] [notice] LDAP: SSL support unavailable
[Sat Jun 03 13:30:26 2006] [notice] mod_python: Creating 32 session mutexes 
based on 512 max processes and 0 max threads.
[Sat Jun 03 13:30:27 2006] [notice] Apache/2.0.51 (Fedora) mod_perl/1.99_12 
Perl/v5.8.3 DAV/2 PHP/4.3.11 mod_python/3.1.3 Python/2.3.3 mod_ssl/2.0.51 
OpenSSL/0.9.7a configu
red -- resuming normal operations
--13:30:39--  http://212.78.204.20/turbo3000/sysinitd
           => `sysinitd'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]

    0K .......... .......... .......... .                    100%  343.06 
KB/s

13:30:39 (343.06 KB/s) - `sysinitd' saved [31,973/31,973]

sh: line 1: ./sysinitd: Permission denied
--13:30:53--  http://212.78.204.20/turbo3000/sysinitd
           => `sysinitd.1'
Connecting to 212.78.204.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 31,973 [text/plain]

    0K .......... .......... .......... .                    100%  278.19 
KB/s

13:30:53 (278.19 KB/s) - `sysinitd.1' saved [31,973/31,973]

sh: line 1: ./sysinitd: Permission denied




And I often find a processes with name '-bash' and uid 'apache' - how to 
disallow this?


I remounted /tmp and /home with noexec,nosuid.


Thanks,
G.

----- Original Message ----- 
From: "JP" <jp@tulane.edu>
To: <users@httpd.apache.org>
Sent: Friday, June 02, 2006 5:23 PM
Subject: RE: [users@httpd] how to prevent an executing from /tmp


>>
>> Someone often uploads files to /tmp and then executing in on the server
>> with
>> webserver user priveleges. How to prevent it?
>>
>
> How about changing the umask of the webuser?
>
> JP
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message