[CentOS] an actual hacked machine, in a preserved state
Les Mikesell
lesmikesell at gmail.com
Fri Jan 6 20:00:39 UTC 2012
On Fri, Jan 6, 2012 at 1:52 PM, email builder <emailbuilder88 at yahoo.com> wrote:
>>
>> Apache starts as root so it can open port 80. Certain bugs might
>> happen before it switched to a non-privileged user. But, a more
>> likely scenario would be to get the ability to run some arbitrary
>> command through an apache, app, or library vulnerability, and that
>> command would use a different kernel, library, or suid program
>> vulnerability to get root access. Look back through the update
>> release notes and you'll find an assortment of suitable bugs that have
>> been there...
>
> That makes sense - but that scenario seems like the vulnerability is more
> in some third party application or tool that happens to be executable by
> apache. Seems like the best defense against that is not running things
> like WordPress ;-p :-)
There have been bugs in just about everything - apache itself, php or
other modules, or the applications that use them. And in java/struts,
etc. if you prefer java web services. You just can't get away from
the theme of trading security against convenience - whatever you run
that has useful features is probably also going to have
vulnerabilities.
--
Les Mikesell
lesmikesell at gmail.com
More information about the CentOS
mailing list