Re: [suse-security] Web Server Security



Hi Markus,

Markus Gaugusch wrote:
> Hi,
> Does anyone think that it makes sense to let /bin/bash have the following 
> permissions?
> -rwx---r-x  1 root www 490716 Sep  9 18:12 /bin/bash
> 
> With that setting, anyone exploiting the webserver could not execute 
> /bin/bash (of course the same permissions could also be applied to /bin).
> 
> Has anyone ever tried this? Does it break things? 

IIRC PHP needs a shell for several functions like opening sockets.
But when I last tested it, it was around the end of 2003 (I chrooted some
Apaches and was wondering why several things stopped working until
I found PHP needs at least a /bin/sh).
So you might check that ;)

Regards,
Sven
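The permission line quoted in the question relies on Unix consulting exactly one permission class per access: owner, else group, else other. The following is an added example, not part of the original thread, that models that check for the quoted mode string; the uid/gid numbers and the account names wwwrun and alice are constructed assumptions.

```python
import stat

def parse_ls_mode(text):
    """Turn the 10-character `ls -l` mode field into permission bits."""
    bits = 0
    for i, ch in enumerate(text[1:10]):
        if ch in "rwxst":  # lowercase s/t mean the execute bit is set too
            bits |= 1 << (8 - i)
    return bits

def may_execute(mode, file_uid, file_gid, euid, gids):
    """Classic Unix DAC execute check: only the first matching class counts."""
    if euid == 0:
        # root can execute as long as any execute bit is set
        return bool(mode & 0o111)
    if euid == file_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid in gids:
        # Group members get the group bits even when "other" is more permissive
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

# Constructed ids for illustration (assumptions, not taken from the thread)
ROOT_UID, WWW_GID, USERS_GID = 0, 8, 100
WWWRUN_UID, ALICE_UID = 30, 1000

# Mode field exactly as quoted in the question: owner root, group www
BASH_MODE = parse_ls_mode("-rwx---r-x")

def check(euid, gids):
    return may_execute(BASH_MODE, ROOT_UID, WWW_GID, euid, gids)

if __name__ == "__main__":
    print("mode:", oct(BASH_MODE))
    # Web server account running with group www: denied by the empty group class
    print("wwwrun in www:    ", check(WWWRUN_UID, {WWW_GID}))
    # Ordinary user outside www: falls through to "other" and is allowed
    print("alice in users:   ", check(ALICE_UID, {USERS_GID}))
    # Same web account but not carrying group www: falls through to "other"
    print("wwwrun without www:", check(WWWRUN_UID, {USERS_GID}))
    print("root:             ", check(ROOT_UID, set()))
```

The third case shows that the setting only holds while the server process actually carries group www, and it applies per file, so a separate /bin/sh needs its own check.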