Re: Re: New Santy-Worm attacks *all* PHP-skripts

[Raistlin <raistlin () gioco net>]

Paul Laudanski wrote:

> For this particular strain it would certainly help, but that is why there 
> exists new variations.  

Of course - it's no solution.

> Certainly doing it to /tmp, /usr/tmp, /var/tmp 
> could help, but it isn't 100% foolproof, and some don't even consider it 
> security.

Just a bit of hardening :)

> Then again, you can always disable the functions in php.ini for exec and 
> system for instance to help stave off other similar attacks.

That's implicit in safe_mode, AFAIK !

--
Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html