Full Disclosure mailing list archives

Re: Apache suEXEC privilege elevation / information disclosure
From: Reindl Harald <h.reindl () thelounge net>
Date: Sat, 10 Aug 2013 16:25:55 +0200

On 10.08.2013 12:10, Gichuki John Chuksjonia wrote:
One thing u gotta remember most of the Admins who handle webservers in
a network are also developers since most of the organizations will
always need to cut on expenses, and as we know, most of the developers
will just look into finishing work and making it work. So if something
doesn't run due to httpd.conf, you will find these guys loosening
server security, therefore opening holes to the infrastructure.

I am one of the developers who are admins

because maintaining servers where only internally developed
software runs gives you the power to make security as tight
as possible - and yes, security is *always* first

the admins who are developers are not the problem

crap like WordPress, Joomla, phpBB is the problem because
these developers have no idea how to securely maintain a
server and try to develop software which can be installed
by any random fool on whatever webserver without understanding
the implications

that's why these applications are *strictly* forbidden
on any machine I am responsible for; it's enough to write
abuse mails each time one of these installations elsewhere
gets hacked and starts attacks on 3rd parties


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
