October 07, 2003
Heinous security hack thanks to MT
If you install MT as a user with shell login privileges, you're inviting possible disaster.
Basically there's a way, simply by editing templates (and thus files), to get MT to write some files and execute a daemon that'll let you log in to a shell without authentication.
What you can do to avoid this risk is BE SURE that the files MT uses for code are not writable by the user that's running them inside the Apache daemon. Likewise make sure the directories are no more writable than absolutely necessary.
Now, I can say that I'm actually grateful MT allowed this. I had a box that had gotten its ssh daemon completely screwed up, such that it refused to accept new logins. As a result I had to hack around trying to wedge a way into the box. MT let me get the right things created in the right places such that I could jumpstart a way into the box. This was good for me but bad overall.
I'm thinking some extra chattr or even chroot'ing steps are going to be a really good idea for MT installs...
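One way to run the permission check described above, as an added example that is not part of the original post. The install path and the web-server account are values you supply (assumptions, not MT defaults), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list MT code the web-server account could rewrite.
# Assumption: MT's CGI scripts run as WEB_USER (the Apache account, or the
# site owner under suEXEC). Pass its name or numeric uid.

# audit_writable DIR WEB_USER
# Prints "reason<TAB>path" for every file or directory under DIR that
# WEB_USER may be able to modify:
#   owned-by-web-user  the owner can always chmod write access back, so
#                      ownership counts even when the write bit is clear
#   group-writable     reported conservatively; it matters only if
#                      WEB_USER is a member of that group
#   world-writable     any local account, including WEB_USER
audit_writable() {
    dir=$1
    web_user=$2
    {
        find "$dir" \( -type f -o -type d \) -user "$web_user" \
            -exec printf 'owned-by-web-user\t%s\n' {} \;
        find "$dir" \( -type f -o -type d \) -perm -020 \
            -exec printf 'group-writable\t%s\n' {} \;
        find "$dir" \( -type f -o -type d \) -perm -002 \
            -exec printf 'world-writable\t%s\n' {} \;
    } | LC_ALL=C sort
}

# mt_code_is_locked DIR WEB_USER
# Exit status 0 when the audit finds nothing, 1 otherwise, so it can
# gate a deploy script or a cron check.
mt_code_is_locked() {
    [ -z "$(audit_writable "$1" "$2")" ]
}

# Example call (both arguments are placeholders):
#   audit_writable /path/to/mt www-data
```

Directories MT genuinely has to write to will show up in the output; those are the ones to keep separate from the code and as narrow as possible.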







