Re: Apache 2.x leaked descriptors

From: Joe Orton (jorton@redhat.com)
Date: 03/13/03

    Date: Thu, 13 Mar 2003 12:51:45 +0000
    From: Joe Orton <jorton@redhat.com>
    To: vuln-dev@securityfocus.com
    
    

    I think you can be more inventive on what a malicious script author can
    do if they can run arbitrary code from a CGI script, under the Apache
    model: here are some things I can come up with:

    - using ptrace() on an httpd child: now you can get the httpd child to
    run arbitrary code, so "fd leaks" from child to CGI script are really
    irrelevant. (This is an old trick: nCipher used this as a demo of how to
    extract in-server SSL private keys using a CGI script)

    - send signals to the server children: SIGSTOP will make a quick'n'easy
    DoS.

    I'm sure there are more. The bottom line is that you must trust CGI
    script authors with the privileges of the user which httpd runs as.

    Regards,

    joe
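
The trust boundary described in the message above can be checked from process credentials. This is an added example, not part of the original post or of Apache: it models only the kill(2) permission rule, and the status excerpts, UIDs 48 and 1004, and the `report.cgi` name are constructed. The separate-UID case is what a wrapper such as suEXEC would produce.

```python
import re

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
# Uid line order: real, effective, saved set-user-ID, filesystem.
HTTPD_CHILD = "Name:\thttpd\nPid:\t2101\nUid:\t48\t48\t48\t48\n"
CGI_SAME_UID = "Name:\treport.cgi\nPid:\t2450\nUid:\t48\t48\t48\t48\n"
CGI_OWN_UID = "Name:\treport.cgi\nPid:\t2451\nUid:\t1004\t1004\t1004\t1004\n"


def parse_uids(status_text):
    """Return (real, effective, saved) UIDs from /proc/<pid>/status text."""
    m = re.search(r"^Uid:\s+(\d+)\s+(\d+)\s+(\d+)\s+\d+", status_text, re.M)
    if not m:
        raise ValueError("no Uid line in status text")
    return tuple(int(x) for x in m.groups())


def can_signal(sender, target):
    """kill(2) rule: the sender's real or effective UID must equal the
    target's real or saved set-user-ID. Effective UID 0 is treated as
    privileged here, which is a simplification of CAP_KILL."""
    s_real, s_eff, _ = sender
    t_real, _, t_saved = target
    return s_eff == 0 or bool({s_real, s_eff} & {t_real, t_saved})


def audit(cgi_status, worker_status):
    """Report whether a CGI process sits inside the worker's signal boundary."""
    cgi = parse_uids(cgi_status)
    worker = parse_uids(worker_status)
    return {
        "cgi_uids": cgi,
        "worker_uids": worker,
        "cgi_can_signal_worker": can_signal(cgi, worker),
    }


if __name__ == "__main__":
    for label, cgi in (("same uid", CGI_SAME_UID), ("own uid", CGI_OWN_UID)):
        print(label, audit(cgi, HTTPD_CHILD))
```

On a live host the same functions can be fed the contents of `/proc/<pid>/status` for an httpd child and for a running CGI process.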

