WebTen
Re: Apache Vulnerability in WebTen
On Mon, 24 Jun 2002, Robert Brandtjen wrote:
> On Monday 24 June 2002 04:23 pm, you wrote:
> > This is absolutely not true. WebTen's Apache runs as user "nobody". Any
> > "arbitrary code" would be run as user nobody as well. Applications
> > running as the restricted user "nobody" have limited access to the
> > filesystem -- on a typical Unix system (WebTen is a Unix system at its
> > core, so this applies), no files or directories are owned by the user
> > nobody. Furthermore, files on your Macintosh filesystem are assigned Unix
> > ownership of Pass/webten.
>
> That may be true for user "nobody" but it has nothing to do with the apache
> problem. Re-read the cert - assumption of root is usually the object of most
> such hack attempts, for your future reference. What do you think arbitrary
> code is?
Robert,
You are exactly correct in your assumption that it would be unlikely that
a hacker would spend the time to buy MachTen, learn how to write a WORM
virus in it, and execute that code on a compromised WebTen installation.
Attack by a Perl script would be a more platform-independent solution.
Hope this clears things up,
Erik.
--
Erik Lotspeich Lead Engineer
Tenon Intersystems erik@xxxxxxxxx
1123 Chapala Street Ste 200 805-963-6983
Santa Barbara, CA 93101-3142 http://www.tenon.com/
Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara,
CA 93101. All rights reserved.