Re: Re: Re: Company hacks through my Perl's Website Security hole

update: This post works a lot better as a reply to pzbagel, which is where it should be... except that I clicked the wrong link. My bad.

The system should have been protected by privilege separation. This guys account gets hacked, the hackers muck around... the sysadmin deletes the account. No worries.

Except it didn't work that way, this time. I can't even figure out from the parent post what actually happened. Perhaps a lightning strike took out the server room just as he realised his mistake?

____________________
Jeremy
I didn't believe in evil until I dated it.

Comment on Re: Re: Re: Company hacks through my Perl's Website Security hole

Replies are listed 'Best First'.
Re: Re: Re: Re: Company hacks through my Perl's Website Security hole by Anonymous Monk on May 21, 2004 at 17:06 UTC
The system should have been protected by privilege separation. This guys account gets hacked, the hackers muck around... the sysadmin deletes the account. No worries. Privilege separation good. But the bad guys can usually find a way to escalate their privileges once they've got a foot in the door, so I wouldn't go so far as to say "no worries".	[reply]
Re: Re: Re: Re: Re: Company hacks through my Perl's Website Security hole by jepri (Parson) on May 21, 2004 at 17:14 UTC
Agreed, although removing execute permissions from that filesystem would make it a lot harder to break in. I think mod_perl can be coaxed into running perl scripts even if they don't have execute permissions. Under really good OSs, it should be possible to prevent local privilege escalation, at least for a while. ____________________ Jeremy I didn't believe in evil until I dated it.	[reply]