Re[2]: Hijacking Apache 2 via mod_perl

From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 01/22/04

Next message: Ben Laurie: "Re: Hijacking Apache 2 via mod_perl"

Previous message: Robert Lemos: "Re: Paper announcement: Is finding security holes a good idea?"
In reply to: Ben Laurie: "Re: Hijacking Apache 2 via mod_perl"
Next in thread: Ben Laurie: "Re: Hijacking Apache 2 via mod_perl"
Reply: Ben Laurie: "Re: Hijacking Apache 2 via mod_perl"
Reply: Andrй Malo: "Re: Hijacking Apache 2 via mod_perl"
Reply: Steve G: "Re: Re[2]: Hijacking Apache 2 via mod_perl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 22 Jan 2004 20:37:00 +0300
To: Ben Laurie <ben@algroup.co.uk>

Dear Ben Laurie,

--Thursday, January 22, 2004, 6:53:01 PM, you wrote to linux_4ever@yahoo.com:

BL> This is not a leak - mod_perl is a module that is compiled into Apache,
BL> and hence has access to all its resources (including memory). If you
BL> want to run untrusted Perl, then don't use mod_perl.

You're right: mod_perl is inside apache memory space and can access any
descriptor, so it's impossible to blame apache descriptor is leaked. But
you're wrong. mod_perl has access to memory, not perl script. At least,
it's possible to store descriptors table and implement check for
descriptor in every perl file/socket function inside mod_perl (and
mod_php and mod_something) and only allow access to std descriptors and
to descriptors open inside same script. The choice is between speed and
security.

-- 
~/ZARAZA
Когда птичка погибает от обжорства, ее нанизывают на вертел.  (Лем)

Next message: Ben Laurie: "Re: Hijacking Apache 2 via mod_perl"

Previous message: Robert Lemos: "Re: Paper announcement: Is finding security holes a good idea?"
In reply to: Ben Laurie: "Re: Hijacking Apache 2 via mod_perl"
Next in thread: Ben Laurie: "Re: Hijacking Apache 2 via mod_perl"
Reply: Ben Laurie: "Re: Hijacking Apache 2 via mod_perl"
Reply: Andrй Malo: "Re: Hijacking Apache 2 via mod_perl"
Reply: Steve G: "Re: Re[2]: Hijacking Apache 2 via mod_perl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: MathTran and texd: Use fork() instead of running a daemon?
... Modify memory in original process: 2ms ... the perl process, Or modPerl, which builds Perl into Apache (which ... between Apache and Perl, but usually requires the application be built ...
(comp.text.tex)
[UNIX] Denial of Service in Apache HTTP Server 2.x
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Apache Software Foundation's HTTP Server Project is an effort to ... A memory leak in Apache server, allows a remote user to exhaust system ... Remote exploitation of a memory leak in the Apache HTTP Server causes the ...
(Securiteam)
Hijacking Apache https by mod_php
... Mod_php under apache 2.0.x leaks a critical file descriptor that can be used to takeover the https service. ... Select on the leaked descriptor and start serving pages. ... static void server_loop; ...
(Bugtraq)
Re: packet drop with intel gigabit / marwell gigabit
... Attached is a shell script to watch mbuf usage in 1 second interval. ... If you do not see such memory problem, then you need to prepare to use ... when i stop apache it falls back to 0,1-0,2%, starting apache again and got ...
(freebsd-performance)
Re: Strange Segmentation Fault
... Tim Evers wrote: ... but large parts of apache and suexec and perl require system-specific ... Depending on where the system's memory allocator ...
(comp.lang.c)