
Re: [suse-security] Web Server Security



Ludwig Nussel wrote:

Markus Gaugusch wrote:
Does anyone think that it makes sense to let /bin/bash have the following permissions?
-rwx---r-x  1 root www 490716 Sep  9 18:12 /bin/bash

With that setting, anyone exploiting the webserver could not execute /bin/bash (of course the same permissions could also be applied to /bin).

Has anyone ever tried this? Does it break things? Did I find something cool? ;-)

I like it :-) It's not a real protection though. Especially not
against an attacker that spends time to break into your system. It
might help as a quick workaround in situations where a hole is not
fixed yet against script kiddies or worms that cannot adapt to such
surprises.



For that, removal of wget(1) is probably more useful.
Does YOU work even without wget?



Rainer
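
Why the mode quoted in the thread (`-rwx---r-x`, owner root, group www) denies the web server account while still allowing ordinary users, as an added example that is not part of the original messages: POSIX permission checks pick exactly one class (owner, else group, else other) and never fall through to a more permissive one. The account names `wwwrun` and `alice` and all uid/gid numbers are constructed assumptions.

```python
import stat

def parse_ls_mode(text):
    """Convert an `ls -l` permission string such as '-rwx---r-x' to mode bits.
    Only plain r/w/x/- characters are handled (no setuid/sticky letters)."""
    expected = "rwxrwxrwx"
    bits = 0
    for i, ch in enumerate(text[1:10]):
        if ch == expected[i]:
            bits |= 1 << (8 - i)
        elif ch != "-":
            raise ValueError("unsupported permission character: %r" % ch)
    return bits

def may_execute(mode, file_uid, file_gid, uid, gids):
    """Model of the classic Unix DAC execute check (no ACLs, no LSM).
    Exactly one permission class is consulted; there is no fall-through."""
    if uid == 0:
        # root may execute as long as any execute bit is set
        return bool(mode & 0o111)
    if uid == file_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid in gids:
        # Group members get the group bits, even if "other" is more generous
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

# Constructed sample accounts (assumed ids, not taken from the thread)
ROOT_UID, WWW_GID = 0, 8
ACCOUNTS = {
    "root":   (0,    {0}),
    "wwwrun": (30,   {WWW_GID}),   # web server account, member of group www
    "alice":  (1000, {100}),       # ordinary user, not in group www
}

def check_all(ls_mode="-rwx---r-x"):
    """Return {account: allowed} for a file owned by root:www with ls_mode."""
    mode = parse_ls_mode(ls_mode)
    return {name: may_execute(mode, ROOT_UID, WWW_GID, uid, gids)
            for name, (uid, gids) in ACCOUNTS.items()}

if __name__ == "__main__":
    for name, allowed in check_all().items():
        print("%-7s may execute /bin/bash: %s" % (name, allowed))
```

The denial holds only while the web server process actually runs with group www among its groups; a process running under any other uid and gid falls into the "other" class and is allowed.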

