[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hack attempt

To: aderkach@spymac.com
Subject: Re: Hack attempt
From: Alvin Oga <alvin.sec@Virtual.Linux-Consulting.com>
Date: Fri, 23 Jul 2004 16:43:21 -0700 (PDT)
Cc: focus-linux@securityfocus.com
Delivered-to: shane@homeo.stud.ntnu.no
Delivered-to: mailing list focus-linux@securityfocus.com
Delivered-to: moderator for focus-linux@securityfocus.com
In-reply-to: <20040723020400.GA17351@relex> from "Alex Derkach" at Jul 22, 2004 10:04:00 PM
List-help: <mailto:focus-linux-help@securityfocus.com>
List-id: <focus-linux.list-id.securityfocus.com>
List-post: <mailto:focus-linux@securityfocus.com>
List-subscribe: <mailto:focus-linux-subscribe@securityfocus.com>
List-unsubscribe: <mailto:focus-linux-unsubscribe@securityfocus.com>
Mailing-list: contact focus-linux-help@securityfocus.com; run by ezmlm

hi ya 

> Not really an exploit IMO. It is a feature in PHP which you should 
> disable if you don't use it. (Edit php.ini OR httpd.conf and add a 
> disable_functions directive). You shouldn't be too worried, the 'hacker' 
> can't get access to anything that the web server user doesn't have 
> access to, but don't take any chances either. (a simple rm -rf can wipe 
> you out and leave you wishing you had backups)

yup ... it's "not" critical that the script kiddie can get your /etc/shadow file
that is also accessble by the world ... or your host key files ...
	- bet you have it turned off yourself ...

always assume you've been or can be rm -rf / as root at any time ... 
and continue to implement/clean up the security policies from that assumption 

c ya
alvin

References:
- Re: Hack attempt
  - From: Alex Derkach <aderkach@spymac.com>

Prev by Date: Re: Hack attempt
Next by Date: Re: Hack attempt
Previous by thread: Re: Hack attempt
Next by thread: Re: Hack attempt
Index(es):
- Date
- Thread