LINUX SECURITY --- December 19, 2000
Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters

--------------------------------------------------------------------------------

HIGHLIGHTS

* You're only as safe as the weakest site at your server farm

--------------------------------------------------------------------------------

Web site Security Part II
By Rick Johnson

In Part I, we discussed high profile defacements and exploits. After people read the article, I heard several misguided statements declaring it could not happen to a small, unknown site such as theirs. Writing their own scripts apparently makes the code secure. Yeah, I have heard that one before.

As an experiment, an associate decided to see how widespread CGI and scripting vulnerabilities have become. One of the first sites chosen was a well-known security organization's regional chapter. To their credit, the site was not blatantly vulnerable. They were running some scripts, but at first glance the site appeared to be safe. Closer examination found one critical piece of information though -- the site was hosted at a Web farm along with over 100 other sites. The site owners were even gracious enough to provide a drop-down list of all the sites they host, just in case you might be lost. Therefore, we picked one and started to check it out.

After only a small amount of probing, a vulnerability was found. Yet again, someone had used a canned script from one of those wonderful Web archives. You know the type. Go to Security Focus and see just how many of those scripts show up in an exploit search. The culprit was a well-known Perl exploit that allows not only the viewing of files, but also the executing of commands. Sure, you can only perform this as the user who runs the Web server (typically the user nobody). No big deal, right? Well, a bit more digging uncovered a possible root exploit.

Whisker is actually a tool that can aid in detecting these sorts of vulnerabilities.
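The article does not name the script, so the following is an added illustration (not code from the article or from the hosted site) of the classic form this class of Perl CGI flaw takes: a two-argument open() handed a user-supplied name, which can read files outside the intended directory or, with a pipe character, run a command as the Web server user, shown beside a hardened version. The script, its docs/ directory and the "file" parameter are all hypothetical; a scanner such as Whisker flags the script, but the fix is still up to whoever deployed it.

```perl
#!/usr/bin/perl -T
# Hypothetical "show a document" CGI, added here as an illustration.
# Not the script found on the hosted site (the article does not name it).
use strict;
use warnings;
use CGI;
use Cwd qw(abs_path);

my $q    = CGI->new;
my $file = $q->param('file') // '';

# --- Vulnerable pattern (kept only for contrast; never called) ---------
# Two-argument open() lets the *data* choose the mode: a '|' at either
# end of the "filename" makes Perl run it as a command, and '../' walks
# out of docs/. Both happen with the Web server's privileges (user nobody).
# Taint mode (-T) refuses the piped open, but not the stray file read.
sub show_file_vulnerable {
    my ($name) = @_;
    open(my $fh, "docs/$name") or return "cannot open\n";
    local $/;
    my $body = <$fh>;
    close $fh;
    return $body;
}

# --- Hardened version --------------------------------------------------
# 1. Accept only a short name from a fixed character set (this also
#    untaints it under -T).
# 2. Three-argument open() with an explicit '<' mode, so the name is
#    never interpreted for pipes, redirects or leading whitespace.
# 3. Canonicalise the path and confirm it is still inside docs/.
my $DOC_ROOT = abs_path('docs') or die "docs/ directory missing\n";

sub show_file_hardened {
    my ($name) = @_;
    return "bad name\n" unless $name =~ /\A([A-Za-z0-9_-]{1,40}\.txt)\z/;
    my $path = abs_path("$DOC_ROOT/$1");
    return "not found\n"
        unless defined $path && index($path, "$DOC_ROOT/") == 0 && -f $path;
    open(my $fh, '<', $path) or return "cannot open\n";
    local $/;
    my $body = <$fh>;
    close $fh;
    return $body;
}

print $q->header('text/plain');
print show_file_hardened($file);
```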
While it will not tell you exactly what to fix, it will let you know about a potentially vulnerable script. Whisker was written by none other than the famous Rain Forest Puppy (http://www.wiretrip.net/rfp/). RFP has contributed a great deal to our community and Whisker is just another example.

Believe it or not, there was a point to all of this. Not only do you have to worry about your site, but also about the drunken coding style of anyone whose site is hosted on your server. So choose your hosting provider carefully, or better still, build your own.

About the author(s)
----------------

Rick Johnson is currently the Manager of Security Services for FusionStorm, a remote managed services company. When not writing, he heads the development team for PMFirewall, an Ipchains Firewall and Masquerading Configuration Utility for Linux. Rick can be contacted via email at rick@pointman.org or on the web at http://www.pointman.org.

--------------------------------------------------------------------------------

ADDITIONAL RESOURCES

Firewall makers scramble as security gadfly exposes flaw
Exemption from firewall restrictions creates security hole in Internet applications
http://www.itworld.com/jitw/linsec_nl/cma/ett_article_frame/0,,1_3710,00.html

Embedded HTML mail 'bugs': Viruses waiting to happen
Spammers could use the bugs to get company e-mail addresses
http://www.itworld.com/jitw/linsec_nl/cma/ett_article_frame/0,,1_3640,00.html

Web routing provides Net traffic relief
http://www.itworld.com/jsw/linsec_nl/swol-08-1999/swol-08-connectivity.html

Network balancing act
Network clustering can save money and stress by evening out your server loads across a network. How does it work?
http://www.itworld.com/jsw/linsec_nl/swol-11-1998/swol-11-connectivity.html

--------------------------------------------------------------------------------