Heinous security hack thanks to MT

Heinous security hack thanks to MT http://www.ideaspace.net/users/wkearney/archives/entries/000501.html Basically there's a way simply be editing templates and files to cause MT to write some files and execute a daemon that'll let you login to a shell with no authentication. wkearney 2003-10-07T11:46:12-05:00 http://www.ideaspace.net/users/wkearney/archives/entries/000501.html en-us Geek Basically there's a way simply be editing templates and files to cause MT to write some files and execute a daemon that'll let you login to a shell with no authentication. 2003-10-07T11:46:12-05:00 If you install MT as a user with shell login privileges, you're inviting possible disaster.

Basically there's a way, simply by editing templates (and thus files), to get MT to write some files and execute a daemon that'll let you login to a shell without authentication.

]]> Basically there's a way simply be editing templates and files to cause MT to write some files and execute a daemon that'll let you login to a shell with no authentication. What you can do to avoid this risk is BE SURE that the files MT uses for code are not writable by the user that's running them inside the apache daemon. Likewise make sure the directories are no more writable than absolutely necessary.

Now, I can say that I'm actually grateful MT allowed this. I had a box that had gotten it's ssh daemon completely screwed up. Such that it refused to accept new logins. As a result I had to hack around trying to wedge a way into the box. MT let me get the right things created in the right places such that I could jumpstart a way into the box. This was good for me but bad overall.

I'm thinking some extra chattr or even chroot'ing steps are going to be a really good idea for MT installs...

]]> 501 500 502 wkearney Bill Kearney wkearney@ideaspace.net wkearney Bill Kearney