PerlMonks  

Re: Re: Re: Company hacks through my Perl's Website Security hole

by jepri (Parson)
on May 21, 2004 at 16:47 UTC


in reply to Re: Re: Company hacks through my Perl's Website Security hole
in thread Company hacks through my Perl's Website Security hole

update: This post works a lot better as a reply to pzbagel, which is where it should be... except that I clicked the wrong link. My bad.

The system should have been protected by privilege separation. This guy's account gets hacked, the hackers muck around... the sysadmin deletes the account. No worries.

Except it didn't work that way, this time. I can't even figure out from the parent post what actually happened. Perhaps a lightning strike took out the server room just as he realised his mistake?

____________________
Jeremy
I didn't believe in evil until I dated it.

Replies are listed 'Best First'.
Re: Re: Re: Re: Company hacks through my Perl's Website Security hole
by Anonymous Monk on May 21, 2004 at 17:06 UTC
    The system should have been protected by privilege separation. This guy's account gets hacked, the hackers muck around... the sysadmin deletes the account. No worries.
    Privilege separation good. But the bad guys can usually find a way to escalate their privileges once they've got a foot in the door, so I wouldn't go so far as to say "no worries".
      Agreed, although removing execute permissions from that filesystem would make it a lot harder to break in. I think mod_perl can be coaxed into running perl scripts even if they don't have execute permissions.

      Under really good OSs, it should be possible to prevent local privilege escalation, at least for a while.

      ____________________
      Jeremy
      I didn't believe in evil until I dated it.
