[lug] R00tKIT!! Raah!
D. Stimits
stimits at comcast.net
Tue Jun 14 18:12:19 MDT 2005
...
> Now, here is a question, can the 'apache' user install a rootkit if they
> are not root?
The question has to also be asked: Can apache be used to gain elevated
priveleges through some other buffer overflow attack? Sometimes I
believe it can, it's just more convenient to compromise something
already running as root. Realize that if you have a web server exposed,
you also expose things that run under it. Run mod_perl? Then you expose
it's vulnerabilities too (I doubt perl has any that are useful). Run a
cgi program? Then you expose its vulnerabilities. Run SSL? Then you
might be exposing SSL code vulnerabilites. Or php. It's pretty rare that
a web server is *just* apache.
D. Stimits, stimits AT comcast DOT net
More information about the LUG
mailing list