Re: Apache 2.x leaked descriptors

From: Joe Orton
Date: 03/13/03

    Date: Thu, 13 Mar 2003 12:51:45 +0000
    From: Joe Orton

    I think you can be more inventive on what a malicious script author can
    do if they can run arbitrary code from a CGI script, under the Apache
    model: here are some things I can come up with:

    - using ptrace() on an httpd child: now you can get the httpd child to
    run arbitrary code, so "fd leaks" from child to CGI script are really
    irrelevant. (This is an old trick: nCipher used this as a demo of how to
    extract in-server SSL private keys using a CGI script)

    - send signals to the server children: SIGSTOP will make a quick'n'easy

    I'm sure there are more. The bottom line is that you must trust CGI
    script authors with the privileges of the user which httpd runs as.
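
The same-UID point in the message above, as an added example (not part of the original post): a simplified Python model of the Linux permission checks for kill(2) and PTRACE_ATTACH, run over constructed /proc/<pid>/status excerpts to show which CGI processes can reach an httpd child. Process names, PIDs and UIDs are assumptions (UID 1001 stands for a CGI run under a separate account, for example via suEXEC); GID, capability and dumpable checks are omitted, and the Yama `ptrace_scope` setting is modelled for direct children only.

```python
# Added example: simplified model, not kernel or Apache code.
import re

SAMPLE_STATUS = [  # constructed excerpts in /proc/<pid>/status format
    "Name:\thttpd\nPid:\t410\nPPid:\t400\nUid:\t48\t48\t48\t48\n",
    "Name:\tform.cgi\nPid:\t977\nPPid:\t410\nUid:\t48\t48\t48\t48\n",
    "Name:\tuser.cgi\nPid:\t978\nPPid:\t411\nUid:\t1001\t1001\t1001\t1001\n",
]

def parse_status(text):
    """Return name, pid, ppid and real/effective/saved UID from one excerpt."""
    f = dict(re.findall(r"^(\w+):\t(.*)$", text, re.M))
    real, eff, saved = (int(x) for x in f["Uid"].split()[:3])
    return {"name": f["Name"], "pid": int(f["Pid"]), "ppid": int(f["PPid"]),
            "ruid": real, "euid": eff, "suid": saved}

def can_signal(src, dst):
    """kill(2): sender's real or effective UID matches target's real or saved UID."""
    return bool({src["ruid"], src["euid"]} & {dst["ruid"], dst["suid"]})

def can_ptrace(src, dst, ptrace_scope=0):
    """PTRACE_ATTACH by a caller without CAP_SYS_PTRACE."""
    if ptrace_scope >= 2:      # Yama 2/3: no unprivileged attach at all
        return False
    if ptrace_scope == 1 and dst["ppid"] != src["pid"]:
        return False           # Yama 1: tracer must be an ancestor of the target
    # Classic rule: caller's real UID equals all three UIDs of the target.
    return src["ruid"] == dst["ruid"] == dst["euid"] == dst["suid"]

def audit(statuses, worker_name="httpd", ptrace_scope=0):
    """List (process, worker pid, can_signal, can_ptrace) for every non-worker."""
    procs = [parse_status(s) for s in statuses]
    workers = [p for p in procs if p["name"] == worker_name]
    return [(p["name"], w["pid"], can_signal(p, w), can_ptrace(p, w, ptrace_scope))
            for w in workers for p in procs if p["name"] != worker_name]

if __name__ == "__main__":
    for scope in (0, 1):
        print("ptrace_scope =", scope)
        for row in audit(SAMPLE_STATUS, ptrace_scope=scope):
            print("  %-9s -> httpd pid %d: signal=%s ptrace=%s" % row)
```

In this model, raising `ptrace_scope` removes the ptrace path for the same-UID CGI but leaves signals available; only the separate UID removes both.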


