Full Disclosure mailing list archives
Re: Fun with mod_php/Apache 1.3, yet Apache much better than II$
From: Georgi Guninski <guninski () guninski com>
Date: Thu, 07 Nov 2002 12:37:23 +0200
Stefan Esser wrote:
On Wed, Nov 06, 2002 at 08:15:48PM +0200, Georgi Guninski wrote:I. Apache and php were notified on Tue, 15 Oct 2002 18:16:40 +0300 The Apache guys seem to prepare a fix. The php guys replied this is known for ages but did not provide reference for the claims.It is known for ages because it is a UNIX design decision to inherit file descriptors on exec. Thats why most derivates support a CLOSE ON EXEC flag. I told you several times that I used the fd leakage in my e-matters PHP exploits to clean the apache log files for demonstration. This code belongs to e-matters and cannot made public...
I got only one message which said that closing on exec can cause problems. And I did not got any reply to the question: "So please someone officially reply - "FIX - when" or "NOT FIX" from Date: Mon, 21 Oct 2002 16:36:53 +0300 Georgi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fun with mod_php/Apache 1.3, yet Apache much better than II$ Georgi Guninski (Nov 06)
- Re: Fun with mod_php/Apache 1.3, yet Apache much better than II$ Stefan Esser (Nov 06)
- Re: Fun with mod_php/Apache 1.3, yet Apache much better than II$ Georgi Guninski (Nov 07)
- Re: Fun with mod_php/Apache 1.3, yet Apache much better than II$ Stefan Esser (Nov 06)
