[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Web Server Security
-----BEGIN PGP SIGNED MESSAGE-----
Markus Gaugusch wrote:
> Does anyone think, that it makes sense to let have /bin/bash the following
> -rwx---r-x 1 root www 490716 Sep 9 18:12 /bin/bash
> With that setting, anyone exploiting the webserver could not execute
> /bin/bash (if course the same permissions could also be applied to /bin).
> Has anyone ever tried this? Does it break things?
iirc php needs a shell for serval functions like opening sockets.
But when i last tested it, it was around end 2003 (i chrooted some
apaches and was wondering why serval things stopped working until
i found php needs at least a /bin/sh).
So you might check that ;)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here