On Mon, Aug 29, 2011 at 4:57 PM, Corey Henderson <corman at cormander.com> wrote: >> You can avoid a lot of the problems by making sure >> that apache can't write anywhere that is mounted with execute >> capability. >> > > Or install a security module to do that for you. One that I've written > that is nearing the end of its beta: > > https://github.com/cormander/tpe-lkm > > In some cases, you can even tell it to let apache not exec anything at > all, if you're not running cgi scripts or bytecode php deployments (zend, > etc). > Would it have blocked this widely known/used vulnerability? http://seclists.org/fulldisclosure/2010/Oct/257 -- Les Mikesell lesmikesell at gmail.com