[CentOS] Permissions for LAMP

Sat Jan 25 17:55:25 UTC 2014
John R Pierce <pierce at hogranch.com>

On 1/25/2014 6:12 AM, Joseph Hesse wrote:
> For my understanding, please tell me what a bad guy would have to do to
> exploit apache having read/write permission.

A) exploit a bug in PHP or Apache, perhaps known but not yet patched, or 
totally unknown

B) corrupt a database via a SQL Injection Exploit (see 
http://xkcd.com/327/ ), thence triggering a bug in your PHP code

C) take advantage of poorly written php or whatever code that allows a 
page to be uploaded (such as a photo attachment feature on a blog's 
comment engine), then manage to invoke and execute that 'picture' which 
turns out to be evil php code, now running as apache on your system.

D) ???     its amazing how resourceful starving 3rd world geeks are when 
money is put in front of them by mobsters.



-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast