Bugtraq: Re: Hijacking Apache 2 via mod

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Hijacking Apache 2 via mod_perl

From: Steve G <linux_4ever () yahoo com>
Date: Thu, 22 Jan 2004 10:04:00 -0800 (PST)

Then one just writes a perl extension in C. Who's responsible 
then?


But don't you need root to add extentions?

Who's responsible if you just write a C module which hijacks the
descriptors?


Again, you need an admin to update apache's config.

Where do you draw the line?


I would think apache should have a safe and defined interface
between itself and modules. I cannot possibly think of any file
descriptor besides 0, 1, &2 that a module would need. The logs
should be stderr, the module should open a descriptor itself, or
apache have an API just for that purpose.

Xinetd, stunnel, and sshd can all run completely untrusted
applications without leaking their listening descriptor. Why
can't apache? Its not just mod_perl, mod_php leaks the https
descriptor, too.

-Steve Grubb

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/

By Date By Thread

Current thread:

Hijacking Apache 2 via mod_perl Steve Grubb (Jan 21)
- Re: Hijacking Apache 2 via mod_perl Ben Laurie (Jan 22)
  - Re[2]: Hijacking Apache 2 via mod_perl 3APA3A (Jan 22)
    - Re: Hijacking Apache 2 via mod_perl Ben Laurie (Jan 22)
    - Re: Hijacking Apache 2 via mod_perl André Malo (Jan 22)
    - Re: Hijacking Apache 2 via mod_perl Steve G (Jan 22)
    - Re: Hijacking Apache 2 via mod_perl jon schatz (Jan 23)
    - Re: Hijacking Apache 2 via mod_perl Matthew Wakeling (Jan 24)
    - Re: Re[2]: Hijacking Apache 2 via mod_perl Steve G (Jan 22)
- Re: Hijacking Apache 2 via mod_perl Lupe Christoph (Jan 22)