Am Di, den 08.11.2005 schrieb akonstam@xxxxxxxxxxx um 15:31: > > I got some questions about the SUID and SGID attributes. I'm running a > > web server with Apache and FC3, and I was asked to eliminate this > > attributes to the files that don't need them to work properly. > > Aron L. > You don't need to post all the files but I can't quite see what files need > these privilidges on a web server. Could you give us and example? > Aaron Konstam I think Aron speaks about those binaries on his system, which are system tools - not binaries inside the DocumentRoot. Those for instance you easily see by "ls -al /bin/". I feel it is safe to trust those who make the Fedora distribution to fix software and shipping updates if there should be a bug with any of the software which has a suid binary. There is not really a need to change permission of those suid binaries to secure your webserver. Other things have to care for to make it secure: use SELinux, keep care for file permissions and software you offer through the webspace. Shut down services, especially those listening on public devices, which you don't need to run, maybe use in addition mod-security from Fedora Extras ... Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 15:35:25 up 10 days, 13:35, load average: 0.12, 0.22, 0.29
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
