Geoffrey Young <[EMAIL PROTECTED]> writes:

>> Unfortunately, we have been hit by a uselib() privilege elevation
>> exploit. As a result, our sysadmins have decided that any CGI/mod_perl
>> process has to run as a specific user instead of as www-data.
>
> I'll admit to not being the best SA or security-minded guy around, so maybe
> this is obvious to everyone but me. nevertheless... I've read through the
> exploit, but I don't follow how changing from one (single) user to other
> (multiple) users helps protect against that exploit.

me either

> maybe there is some way to trace which specific user ended up doing
> improper root-ish things? I guess that's a reason, though it's not
> protection.

yes, it certainly just lets us narrow down who led to it and nothing else.

> so, for the betterment of all, what am I missing?

nothing, as far as I can see :)

> --Geoff

--
Carter's Compass: I know I'm on the right track when, by deleting
something, I'm adding functionality.