[330] in WWW Security List Archive

Re: GE Break-in: via HTTPD?

daemon@ATHENA.MIT.EDU (Paul Phillips)
Wed Jan 18 07:04:18 1995

Date: Wed, 18 Jan 1995 00:51:23 -0800 (PST)
From: Paul Phillips <psphilli@sdcc8.UCSD.EDU>
To: www-security@ns2.rutgers.edu
In-Reply-To: <199501171348.IAA07428@fugit.ny.jpmorgan.com>
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu



On Tue, 17 Jan 1995, Chuck Yerkes wrote:

>    If I can limit those problems with permissions and chroot, damage
> control is more likely.  It DOES mean perl et al must live under the
> chroot area, but for a public server, it's one of the costs.

Using chroot is good and wise but unfortunately not always feasible.  
Perl et al can add up to one darn long list if you have multiple 
programmers writing CGI code in multiple languages and they need 
libraries and other commands and etc. etc. etc.  

You did hit the nail -- public servers are an exercise in damage 
control.  Much effort should be spent on detecting intrusion and limiting 
the damage that will occur on other networked machines if the server is 
compromised.  Tripwire, COPS, and tcp_wrappers are some of your close 
friends.

--
Paul Phillips       EMAIL: psp@ucsd.edu       PHONE: (619) 220-0850 
WWW: http://www.primus.com/staff/paulp/         FAX: (619) 220-0873
