[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Hacker Goes On Defacement Spree In Australi a
- Subject: RE: [cobalt-security] Hacker Goes On Defacement Spree In Australi a
- From: Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>
- Date: Fri, 7 Sep 2001 12:55:41 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Nick Drage wrote:
> One, do be very wary of cgi scripts.... but I expect you've
> worked that out for yourself by now.
One very useful trick to stop those naughty CGI 'exploits':
chmod 0700 /usr/sbin/inetd
stops anyone but root running inetd, thus prevents the easiest way of
getting root in the known universe. If any user can run inetd, then (say)
the webserver user can bind a shell to any non-privileged port and then they
have local access - without logging.
Once you're local, getting root is a whole lot easier...
Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC