'at' command and apache user

Tim ignored_mailbox at yahoo.com.au
Fri Jun 17 11:56:32 UTC 2011


Ed Greshko:
>> Depending on the type of web pages you serve you may find there to be a
>> buffer overflow vulnerability which gives an attacker a shell and allows
>> them to execute arbitrary commands as "apache".
>>
>> I smell "danger Will Robinson"!

Gary Stainburn:
> You do have a valid point, but this is a non-public low-risk server used for 
> internal admin stuff.

Though that may lead to complacency, and someone may find a way to cause
you problems that you hadn't thought of.  You are probably far better
finding a way to run your command as some other user, triggered by your
risky apache user.

Generally, risky users are prevented from being able to run things for
good reasons; and you're best not to shred your security blankets for
the sake of convenience, now.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
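
One way to do what the reply above suggests (run the command as some other user, triggered by the apache user), as an added example that is not part of the original message: the web application only drops a small JSON request file into a spool directory, and a cron job under a separate unprivileged account calls drain(), which runs a request only if it matches a fixed allowlist. Assumptions: the account name jobrunner, the spool path, and the job names and command paths are all placeholders.

```python
import json
import os
import re
import stat
import subprocess

SPOOL = "/var/spool/webjobs"  # assumed path: owned by jobrunner, writable by apache
MAX_BYTES = 512
# Allowlist (placeholder names/paths): job -> (fixed argv prefix, argument pattern)
JOBS = {
    "rebuild-report": (["/usr/local/bin/rebuild-report"], re.compile(r"[0-9]{4}-[0-9]{2}")),
    "sync-stock": (["/usr/local/bin/sync-stock", "--site"], re.compile(r"[a-z]{2,8}")),
}


def build_argv(raw):
    """Return the argv to run for one request, or None if it is rejected."""
    try:
        req = json.loads(raw) if len(raw) <= MAX_BYTES else None
    except ValueError:
        return None
    if not isinstance(req, dict) or set(req) != {"job", "arg"}:
        return None
    job, arg = req["job"], req["arg"]
    if not isinstance(job, str) or not isinstance(arg, str) or job not in JOBS:
        return None
    prefix, pattern = JOBS[job]
    return prefix + [arg] if pattern.fullmatch(arg) else None


def drain(spool=SPOOL, run=subprocess.call):
    """Handle each request file once, delete it, return the argvs that ran."""
    ran = []
    for name in sorted(os.listdir(spool)):
        path = os.path.join(spool, name)
        try:  # O_NOFOLLOW refuses symlinks planted by the web user
            fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
        except OSError:
            continue
        if not stat.S_ISREG(os.fstat(fd).st_mode):  # skip directories, FIFOs
            os.close(fd)
            continue
        with os.fdopen(fd, "rb") as fh:
            raw = fh.read(MAX_BYTES + 1)
        os.unlink(path)
        argv = build_argv(raw)
        if argv:
            run(argv)  # argv list, no shell: the argument is never interpreted
            ran.append(argv)
    return ran
```

With this layout a compromised apache process can still ask for the listed jobs, but it cannot choose the command, add options, or reach a shell through the request.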




