
List:       slashcode-general
Subject:    Re: [Slashcode-general] Gentoo installation - general slash security questions
From:       Shane <shane () lottadot ! com>
Date:       2004-11-07 14:07:55
Message-ID: 6BBB6AE6-30C6-11D9-B41D-000A95DBD7A6 () lottadot ! com

Does Gentoo have a 'valid shells file', i.e. /etc/shells?

As for security, if the user that apache is running under has a shell, I 
doubt it's a problem. If I recall, back a few years ago Red Hat was 
putting /bin/false or /dev/null into the shell for the nobody account, 
which was a slight problem with slash/slashd.

I'd google on it if I were you, but that's about it.

  Shane

disclaimer: I've never used Gentoo.

On Nov 6, 2004, at 8:52 PM, George Clark wrote:

> Hi all,
>
> On Gentoo, apache runs as user:group apache:apache instead of
> nobody:nogroup.  The shell for apache in /etc/passwd is set to /bin/false.
> The "su" command on Gentoo does not include the ability to override the
> "shell", so the shell in the passwd file has to be valid.
>
> I built slash using USER=apache GROUP=apache on the make statement, and
> u=apache g=apache on the install-slashsite command.  In order to get slashd
> to start I had to put a shell on the apache entry in passwd and remove the
> --shell="/bin/sh" from the Linux su statement in init.d/slash.
>
> Any thoughts on whether there could be a security exposure by providing a
> valid shell to apache?  Would it be preferable to create a new "slash"
> uid:gid and add the apache uid to the slash group so that apache has access
> to the slash files?
>
> Any suggestions on how I should set up the file and task ownership?
>
> Thanks,
> George
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Sybase ASE Linux Express Edition - download now for FREE
> LinuxWorld Reader's Choice Award Winner for best database on Linux.
> http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
> _______________________________________________
> Slashcode-general mailing list
> Slashcode-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/slashcode-general
>
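
Added example, not part of either message above and not Slash's own code: a shell check for the situation discussed in this thread. It reports whether an account's passwd shell is a non-login program such as /bin/false or is listed in a valid-shells file. The function names, the list of non-login shells and the sample passwd entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from a real host.

# Print the login shell (passwd field 7) of user $1 from passwd file $2.
account_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$2"
}

# Classify user $1 using passwd file $2 and valid-shells file $3:
#   missing   no such account
#   no-login  shell is a non-login program; su without a shell override
#             cannot run a job as this user (the slashd start problem)
#   listed    shell appears in the valid-shells file
#   unlisted  shell is set but not in the valid-shells file
account_shell_status() {
    shell=$(account_shell "$1" "$2") || { echo missing; return 0; }
    [ -n "$shell" ] || shell=/bin/sh    # an empty field defaults to /bin/sh
    case $shell in
        /bin/false|/sbin/nologin|/usr/sbin/nologin|/dev/null)
            echo no-login; return 0 ;;
    esac
    # One path per line; lines starting with '#' are comments.
    if grep -v '^#' "$3" 2>/dev/null | grep -qxF -- "$shell"; then
        echo listed
    else
        echo unlisted
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'apache:x:81:81:apache:/home/httpd:/bin/false' \
        'slash:x:1001:1001:slash daemon:/usr/local/slash:/bin/sh' \
        'odd:x:1002:1002::/tmp:/opt/custom/sh' > "$dir/passwd"
    printf '%s\n' '# valid login shells' /bin/sh /bin/bash > "$dir/shells"
    for u in root apache slash odd nosuch; do
        printf '%-8s %s\n' "$u" \
            "$(account_shell_status "$u" "$dir/passwd" "$dir/shells")"
    done
    rm -rf "$dir"
}
demo
```

On a live host, pass /etc/passwd and /etc/shells as the second and third arguments.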


