[lug] Apache PHP exploits

Gordon Golding gordongoldin at netscape.net
Wed Jun 15 11:29:53 MDT 2005

>>>> > /tmp & /var are symlinked to /data/tmp and /data/var respectively
> Why not 'mount -ttmpfs none /tmp', and using separate data
> partitions under /var?

To stop somebody executing something via bad PHP coding under your Apache, how about having /tmp as a separate partition and have it noexec, nosuid ?

This also stops somebody from maliciously filling it up to bring down the rest of the system.

Gordon Golding
aka Golding the Younger DH70
gordongoldin at netscape.net
"If Love is Blind, why is lingerie so popular?"

Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp

More information about the LUG mailing list