Bugtraq mailing list archives
Re: Hijacking Apache 2 via mod_perl
From: lupe () lupe-christoph de (Lupe Christoph)
Date: Thu, 22 Jan 2004 11:20:22 +0100
On Wednesday, 2004-01-21 at 22:53:33 -0000, Steve Grubb wrote:
> Product: mod_perl
> Versions: 1.99_09 / apache 2.0.47
> URL: http://perl.apache.org
> Impact: Daemon Hijacking
> Bug class: Leaked Descriptor
> Vendor notified: Yes
> Fix available: No
> Date: 01/21/04
>
> Issue:
> ======
> Mod_perl under apache 2.0.x leaks critical file descriptors that can be used to take over (hijack) the http and https services.
It does not leak them. Your code reopens them. Installing your code requires superuser permissions. Or the willingness of the admin of the machine to trust people with the right to install code that runs inside Apache.

Much the same can be done with anything that runs inside Apache. For example, mod_php. So in essence you are complaining that an Apache extension has the right to do anything inside Apache it can be programmed to do. For example, to receive POST data, the extension code has to be able to access the FD that connects to the browser. It also has to be able to write to that FD to send a reply. To write to a log, it needs write access (mostly through the Apache ABI) to the log file descriptors.

Can you suggest a way to avoid this?

I have forwarded your mail to the mod_perl mailing list, which I'm also Ccing on this mail. Had you taken your problem there first, this silliness could have been avoided. The thread starts at http://marc.theaimsgroup.com/?l=apache-modperl&m=107475920405755&w=2

Lupe Christoph
--
| lupe () lupe-christoph de | http://www.lupe-christoph.de/ |
| "Violence is the resort of the violent" Lu Tze |
| "Thief of Time", Terry Pratchett |
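Whether one calls it a leak or not, the point of the reply is that anything loaded into the httpd process shares the descriptors the server itself holds: the listening sockets, the client connection, the log files. The following Python script is an added illustration, not code from this thread, from Apache or from mod_perl. It inventories the descriptors open in its own process and flags any socket in the listening state, a check an administrator can adapt to audit what an in-process extension inherits before deciding whom to trust with installing one. The function names are hypothetical, and the listening socket and temporary log file that `demo()` creates are constructed stand-ins for httpd's own.

```python
import os
import socket
import stat
import tempfile

# Hypothetical helper names; nothing here is Apache or mod_perl code.


def classify_fd(fd):
    """Classify one open descriptor of the calling process.

    Returns 'listening-socket', 'socket', 'file', 'pipe', 'char', 'dir',
    'other', or None if fd is not open.
    """
    try:
        st = os.fstat(fd)
    except OSError:
        return None
    mode = st.st_mode
    if stat.S_ISSOCK(mode):
        # Wrap the raw fd without taking ownership: detach() hands the
        # descriptor back unclosed, so the inventory has no side effects.
        try:
            s = socket.socket(fileno=fd)
        except OSError:
            return "socket"
        try:
            accept_opt = getattr(socket, "SO_ACCEPTCONN", None)
            if accept_opt is not None and s.getsockopt(socket.SOL_SOCKET, accept_opt):
                return "listening-socket"
            return "socket"
        except OSError:
            return "socket"
        finally:
            s.detach()
    if stat.S_ISREG(mode):
        return "file"
    if stat.S_ISFIFO(mode):
        return "pipe"
    if stat.S_ISCHR(mode):
        return "char"
    if stat.S_ISDIR(mode):
        return "dir"
    return "other"


def inventory_fds(limit=4096):
    """Map every open fd of this process to its kind.

    Uses /proc/self/fd where it exists (Linux); otherwise scans 0..limit-1.
    """
    if os.path.isdir("/proc/self/fd"):
        candidates = [int(name) for name in os.listdir("/proc/self/fd")]
    else:
        candidates = range(limit)
    result = {}
    for fd in candidates:
        kind = classify_fd(fd)
        if kind is not None:
            result[fd] = kind
    return result


def exposure_report(inventory):
    """Count the descriptor kinds that in-process code could reach."""
    summary = {"listening-socket": 0, "socket": 0, "file": 0, "pipe": 0}
    for kind in inventory.values():
        if kind in summary:
            summary[kind] += 1
    return summary


def demo():
    """Constructed stand-in for an httpd worker: one listening socket and one
    open log file, followed by the inventory any loaded module could take."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed: ephemeral loopback port
    listener.listen(5)
    log = tempfile.TemporaryFile()   # constructed: stands in for error_log
    try:
        inv = inventory_fds()
        return {
            "listener_kind": inv.get(listener.fileno()),
            "log_kind": inv.get(log.fileno()),
            "summary": exposure_report(inv),
        }
    finally:
        listener.close()
        log.close()


if __name__ == "__main__":
    for fd, kind in sorted(inventory_fds().items()):
        print(f"fd {fd}: {kind}")
    print(demo())
```

Run it on a machine as the same user as a worker process and the listing is, by construction, exactly what an extension loaded into that process would see; a listening socket showing up there is not a bug in the module system but a property of in-process extension models, which is why the reply frames the question as one of whom the admin allows to install modules.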
Current thread:
- Hijacking Apache 2 via mod_perl Steve Grubb (Jan 21)
- Re: Hijacking Apache 2 via mod_perl Ben Laurie (Jan 22)
- Re[2]: Hijacking Apache 2 via mod_perl 3APA3A (Jan 22)
- Re: Hijacking Apache 2 via mod_perl Ben Laurie (Jan 22)
- Re: Hijacking Apache 2 via mod_perl André Malo (Jan 22)
- Re: Hijacking Apache 2 via mod_perl Steve G (Jan 22)
- Re: Hijacking Apache 2 via mod_perl jon schatz (Jan 23)
- Re: Hijacking Apache 2 via mod_perl Matthew Wakeling (Jan 24)
- Re[2]: Hijacking Apache 2 via mod_perl 3APA3A (Jan 22)
- Re: Re[2]: Hijacking Apache 2 via mod_perl Steve G (Jan 22)
- Re: Hijacking Apache 2 via mod_perl Ben Laurie (Jan 22)