Antoine Pitrou wrote:
> Well, if I can create a setuid apache shell, I can probably su as root or apache
> as well.
> ("su -c rm -r whatever")
>
> Or are you talking about a Web-based shell?
I'm just saying that if there is any way of running code of
your choice as the apache user, you can get it to make a
copy of /bin/sh and suid it.
Of course, if you have permission to su apache, then this
is not necessary. But then you wouldn't have to go through
web server contortions to fix apache-generated botchups
either.
--
Greg
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4