
Re: Apache 2.x leaked descriptors

From: Joe Orton <jorton(at)redhat.com>
Date: Thu Mar 13 2003 - 07:51:45 EST

I think you can be more inventive on what a malicious script author can do if they can run arbitrary code from a CGI script, under the Apache model: here are some things I can come up with:

  • using ptrace() on an httpd child: now you can get the httpd child to run arbitrary code, so "fd leaks" from child to CGI script are really irrelevant. (This is an old trick: nCipher used this as a demo of how to extract in-server SSL private keys using a CGI script)
  • send signals to the server children: SIGSTOP will make a quick'n'easy DoS.

I'm sure there are more. The bottom line is that you must trust CGI script authors with the privileges of the user which httpd runs as.

Regards,

joe

Received on Thu Mar 13 12:31:13 2003
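The first point above (a same-uid CGI process attaching to an httpd child with ptrace) depends on the kernel allowing ptrace between unprivileged processes of the same uid. The following is an added defender-side check, not code from the message or from the Apache project: on Linux it reads the Yama `ptrace_scope` sysctl and the process's own dumpable flag (`PR_GET_DUMPABLE`), and reports whether a same-uid attach would be permitted. The sysctl path and the prctl constants are real Linux interfaces; the classification into "attach possible" is this example's own logic and assumes the classic (scope 0) behaviour when Yama is not present.

```c
/* Added example: does this Linux host let a same-uid, unprivileged process
 * (such as a CGI script run as the httpd user) ptrace-attach to a process
 * like an httpd child?  Not part of the original mailing-list message. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

/* Assumed (documented) location of the Yama sysctl; absent on kernels without Yama. */
#define YAMA_SCOPE_PATH "/proc/sys/kernel/yama/ptrace_scope"

/* Human-readable meaning of each Yama ptrace_scope value. */
const char *describe_ptrace_scope(int scope) {
    switch (scope) {
    case 0:  return "classic: any process may ptrace another with the same uid";
    case 1:  return "restricted: only descendants (or PR_SET_PTRACER targets) may be traced";
    case 2:  return "admin-only: only processes with CAP_SYS_PTRACE may ptrace";
    case 3:  return "no attach: ptrace attach is disabled entirely";
    default: return "unknown";
    }
}

/* Read an integer sysctl from `path`; returns -1 if the file is missing or unreadable. */
int read_ptrace_scope(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    int v = -1;
    if (fscanf(f, "%d", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* A same-uid attach without CAP_SYS_PTRACE succeeds only when Yama is in classic
 * mode (or absent, which we treat as scope 0) AND the target is dumpable
 * (a non-dumpable process, PR_SET_DUMPABLE 0, requires CAP_SYS_PTRACE to trace). */
int same_uid_attach_possible(int scope, int dumpable) {
    if (scope < 0) scope = 0;          /* assumption: no Yama behaves like scope 0 */
    return scope == 0 && dumpable == 1;
}

int main(void) {
    int scope = read_ptrace_scope(YAMA_SCOPE_PATH);
    int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (dumpable < 0) {
        perror("prctl(PR_GET_DUMPABLE)");
        return 1;
    }
    printf("yama ptrace_scope: %d (%s)\n", scope, describe_ptrace_scope(scope));
    printf("dumpable flag:     %d\n", dumpable);
    printf("same-uid ptrace attach to this process: %s\n",
           same_uid_attach_possible(scope, dumpable) ? "POSSIBLE" : "blocked");
    return 0;
}
```

Run it as the httpd user to see the host's posture. Closing the ptrace avenue (Yama scope 1 or higher, or a server that marks itself non-dumpable) does not address the signal point in the message: any same-uid process can still send SIGSTOP to httpd children, so the durable fix remains running CGI scripts under a different uid than the server (for example via Apache's suEXEC), which is exactly the trust boundary the message says you otherwise do not have.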

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT

