perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoffrey Young <ge...@modperlcookbook.org>
Subject Re: setting up virtual hosts
Date Wed, 13 Jul 2005 12:55:05 GMT

>    Unfortunately, we have been hit by a [2]uselib() privilege elevation
>    exploit. As a result, our sysadmins have decided that any CGI/mod_perl
>    process has to run as a specific user instead of as www-data.

I'll admit to not being the best SA or security-minded guy around, so maybe
this is obvious to everyone but me.  nevertheless...  I've read through the
exploit, but I don't follow how changing from one (single) user to other
(multiple) users helps protect against that exploit. maybe there is some way
to trace which specific user ended up doing improper root-ish things?  I
guess that's a reason, though it's not protection.

so, for the betterment of all, what am I missing?

--Geoff

Mime
View raw message