[Gllug] ssh authentification
Bruce Richardson
itsbruce at uklinux.net
Thu Jul 27 18:12:38 UTC 2006
On Thu, Jul 27, 2006 at 06:09:32PM +0100, - wrote:
> On 7/27/06, Ryland, Peter <peter.ryland at squaregain.co.uk> wrote:
>
> >You could also ask apache to run an arbitrary command to ascertain the
> >password, so all sorts of things are then possible.
>
> Oh, agreed. But the basic principle remains the same. If Apache is
> capable of getting at the private key without user interaction, then
> so is an attacker that has managed to get local shell access.
They would also need root access, if you've configured the system
sensibly.
--
Bruce
I must admit that the existence of Disneyland (which I know is real)
proves that we are not living in Judea in AD 50. -- Philip K. Dick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20060727/3b5aa95b/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list