[lug] R00tKIT!! Raah!

D. Stimits stimits at comcast.net
Tue Jun 14 18:12:19 MDT 2005


...
> Now, here is a question, can the 'apache' user install a rootkit if they 
> are not root?

The question has to also be asked: Can apache be used to gain elevated 
priveleges through some other buffer overflow attack? Sometimes I 
believe it can, it's just more convenient to compromise something 
already running as root. Realize that if you have a web server exposed, 
you also expose things that run under it. Run mod_perl? Then you expose 
it's vulnerabilities too (I doubt perl has any that are useful). Run a 
cgi program? Then you expose its vulnerabilities. Run SSL? Then you 
might be exposing SSL code vulnerabilites. Or php. It's pretty rare that 
a web server is *just* apache.

D. Stimits, stimits AT comcast DOT net



More information about the LUG mailing list