in reply to Re: Re: Re: Company hacks through my Perl's Website Security hole
in thread Company hacks through my Perl's Website Security hole

The system should have been protected by privilege separation. This guy's account gets hacked, the hackers muck around... the sysadmin deletes the account. No worries.
Privilege separation good. But the bad guys can usually find a way to escalate their privileges once they've got a foot in the door, so I wouldn't go so far as to say "no worries".

Re: Re: Re: Re: Re: Company hacks through my Perl's Website Security hole
by jepri (Parson) on May 21, 2004 at 17:14 UTC
    Agreed, although removing execute permissions from that filesystem would make it a lot harder to break in. I think mod_perl can be coaxed into running perl scripts even if they don't have execute permissions.

    Under really good OSs, it should be possible to prevent local privilege escalation, at least for a while.

    ____________________
    Jeremy
    I didn't believe in evil until I dated it.