Re: [suse-security] Web Server Security
Hi Markus,
Markus Gaugusch wrote:
> Hi,
> Does anyone think that it makes sense to let /bin/bash have the following
> permissions?
> -rwx---r-x 1 root www 490716 Sep 9 18:12 /bin/bash
>
> With that setting, anyone exploiting the webserver could not execute
> /bin/bash (of course the same permissions could also be applied to /bin).
>
> Has anyone ever tried this? Does it break things?
IIRC, PHP needs a shell for several functions like opening sockets.
But when I last tested it, it was around the end of 2003 (I chrooted some
Apaches and was wondering why several things stopped working until
I found PHP needs at least a /bin/sh).
So you might check that ;)
Regards,
Sven
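
Added example, not part of the original thread: a small Python model of the classic Unix permission check, showing why the mode -rwx---r-x with owner root and group www denies execution to members of www while everyone else keeps it. The numeric ids and the user name wwwrun are assumptions made for the illustration, and ACLs are not modelled.

```python
import stat

def parse_mode(ls_mode):
    """Turn the 9 permission characters of an `ls -l` mode string into mode bits.
    Setuid/setgid/sticky letters (s, S, t, T) are not handled in this sketch."""
    bits = 0
    for i, ch in enumerate(ls_mode[1:10]):
        if ch != "-":
            bits |= 1 << (8 - i)
    return bits

def may_execute(mode, file_uid, file_gid, uid, gids):
    """Model the classic Unix DAC check for execute permission.

    Exactly one class is consulted: owner, else group, else other.
    A process in the file's group never falls through to the 'other' bits.
    """
    if uid == 0:
        # root may execute a regular file as soon as any execute bit is set
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == file_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

# Constructed ids (assumptions): root=0, group www=8, web server user wwwrun=30
ROOT, WWW_GID, WWWRUN = 0, 8, 30
BASH_MODE = parse_mode("-rwx---r-x")  # the mode quoted in the post

def demo():
    """Evaluate the check for four kinds of caller against root:www /bin/bash."""
    return {
        "wwwrun in www": may_execute(BASH_MODE, ROOT, WWW_GID, WWWRUN, {WWW_GID}),
        "wwwrun not in www": may_execute(BASH_MODE, ROOT, WWW_GID, WWWRUN, {65534}),
        "ordinary user": may_execute(BASH_MODE, ROOT, WWW_GID, 1000, {100}),
        "root": may_execute(BASH_MODE, ROOT, WWW_GID, 0, {0}),
    }

if __name__ == "__main__":
    for who, ok in demo().items():
        print(f"{who:20s} exec /bin/bash: {'allowed' if ok else 'denied'}")
```

The "wwwrun not in www" case is the one to verify on a real system: the restriction only applies if the web server process actually carries the www group.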