Re: Rootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora <fedora-list@xxxxxxxxxx>
Subject: Re: Rootkit
From: Manuel Arostegui Ramirez <manuel@xxxxxxxxxxxxxx>
Date: Tue, 23 Oct 2007 09:56:56 +0200
In-reply-to: <471DA2F9.3000809@xxxxxxxxxxx>
References: <2941460.47791193120370689.JavaMail.bob.smith@xxxxxxxxxxx> <200710230917.58352.manuel@xxxxxxxxxxxxxx> <471DA2F9.3000809@xxxxxxxxxxx>
Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>
User-agent: KMail/1.9.6

On Tuesday 23 October 2007 09:30:01 Andy Green wrote:

>
> But it seems to me it's not where the real problems are for servers.
> The real problems are in PHP or other scripts that accept user input as
> PHP code or database queries one way or another, and it won't really
> help since the attacker is running the properly signed stuff.  There's a
> lot of bad things the attacker can do with PHP commands, shell commands,
> alias, config files, etc that all run in 'authorized' contexts.
>

Maybe I'm taking wrong the point but, this could be avoid by using php open 
basedir, right?

Manuel
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.

Follow-Ups:
- Re: Rootkit
  - From: Andy Green

References:
- Re: Rootkit
  - From: bob . smith
- Re: Rootkit
  - From: Manuel Arostegui Ramirez
- Re: Rootkit
  - From: Andy Green

Prev by Date: Re: Is there any way to 'force' a yum install/update?
Next by Date: Re: OT: Colorado Rockies computer's crash which OS?
Previous by thread: Re: Rootkit
Next by thread: Re: Rootkit
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux