Perl & Security
Angelos Karageorgiou
angelos at unix.gr
Thu Oct 12 15:31:04 EEST 2000
Christos Ricudis wrote:
>
> Hello Bassoukos!
>
> On 11 Oct 00, Bassoukos Tassos wrote to Adrianos Papamarkou with subject "Re:
> Perl & Security":
>
> >> Is it safe to enable the use of CGI (Perl) by the users
> >> on a (Linux) free web hosting system?
>
> BT> No.
>
> You get a box, a PIII with 512MB RAM, one of those that Greeks usually set up
> to do web hosting, convinced that their amazing and awesome site will get
> some billion hits/day.
>
> You set it up to run some ten user-mode linux kernels, load the
> essentials from a distribution on top, give the root passwords to the customers,
> and then let them do whatever they want.
>
ricudis be gentle
Yes, man, it is possible for user-mode Perl executables to be safe; not
absolutely safe, but as safe as it would be if they had shell access, or a
little less, let's say.
On a reasonably well set-up system you are reasonably safe.
By "reasonably" we mean the following. Apache runs as nobody.nogroup, the user
accounts are mode 705, and all the users belong to the same group. There are
no SETUID/SETGID executables anywhere on the system. The TMPs are mounted
NOSUEXEC or, even better, NOEXEC, there are no writable directories anywhere
such as /var/spool/uucp or /home/ftp/uploads, and specific files are
unreadable by all, e.g.
/etc/inetd.conf /etc/named.conf /usr/local/apache/conf/*
/etc/rc.d/rc*.d/* /sbin/init.d/*
/root/* /etc/ftp/* etc. etc.
It is also a good idea that over FTP the users cannot get out of their own
dir; in WU-ftp you set GuestGroup Users, that is, you make the group the
users belong to a guestgroup.
A bigger security problem is the use of FTP and POP3, because sniffers have
started to multiply ......
They will deface you more easily with a sniffer than with nmap.
Of course Ricudis's solution is optimal.
--
linux-greek-users mailing list -- http://lists.hellug.gr
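
The checklist in the message above can be turned into a repeatable audit. The shell functions below are an added example, not part of the original post; the function names are hypothetical, and the mount check assumes a table in /proc/mounts format and the Linux `noexec` mount option.

```shell
#!/bin/sh
# Added example: audit a host against the hardening checklist in the message.
# Each function takes the path to inspect, so it works on / or on a test tree.

# Regular files carrying the setuid or setgid bit (the message wants none).
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# World-writable directories (upload areas such as /home/ftp/uploads).
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print 2>/dev/null
}

# Of the given paths, those that "other" can still read (no descent).
find_world_readable() {
    find "$@" -prune -perm -0004 -print 2>/dev/null
}

# Home directories directly under $1 whose mode is not exactly 705.
find_homes_not_705() {
    find "$1" -mindepth 1 -maxdepth 1 -type d ! -perm 705 -print 2>/dev/null
}

# Succeeds if mount point $2 appears in mounts table $1 with option $3.
mount_has_opt() {
    awk -v mp="$2" -v opt="$3" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == opt) ok = 1 }
        END { exit !ok }' "$1"
}

# Run every check against the live system: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    echo "== setuid/setgid files";        find_setid /
    echo "== world-writable directories"; find_world_writable_dirs /
    echo "== readable by all";            find_world_readable /etc/inetd.conf /etc/named.conf /root
    echo "== homes not mode 705";         find_homes_not_705 /home
    for t in /tmp /var/tmp; do
        mount_has_opt /proc/mounts "$t" noexec || echo "== $t is not mounted noexec"
    done
fi
```

Any line printed under a heading is a deviation from the checklist; an empty section means that check passed.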