Bugtraq mailing list archives
Re: Hijacking Apache 2 via mod_perl
From: jon schatz <jon () divisionbyzero com>
Date: Thu, 22 Jan 2004 19:55:22 -0800
Steve G wrote:
>> Then one just writes a perl extension in C. Who's responsible then?
> But don't you need root to add extensions?
>> Who's responsible if you just write a C module which hijacks the descriptors?
> Again, you need an admin to update apache's config.
you need an admin to update the config file if you're trying to use the LoadModule directive. but if mod_perl's already running (and if .htaccess files aren't locked down enough), you can use the SetHandler to load up any (malicious) modules you might need. afaik, loading a module once in mod_perl will make it available to every child process. if i've been reading this thread right (and there's a good chance i haven't) then this would give EvilModule.pm access to the leaked fd's.
(i haven't tested this for httpd2/mod_perl2, but i know it holds true for httpd1.3.x/mod_perl, and the new docs don't indicate any changes).
-jon

--
jon () divisionbyzero com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."
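A defender's check for the condition the message above describes, added here as an example and not part of the original post: it lists `<Directory>` blocks whose `AllowOverride` includes `FileInfo` or `All` (the override class that permits `SetHandler` in .htaccess) and flags mod_perl handler lines in an .htaccess file. The directory paths and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample server config (paths are hypothetical, not from the thread).
SAMPLE_CONF = """\
<Directory />
    AllowOverride None
</Directory>
<Directory /var/www/users>
    AllowOverride AuthConfig FileInfo
</Directory>
<Directory "/var/www/legacy">
    AllowOverride All
</Directory>
"""

# Constructed .htaccess of the kind the post describes.
SAMPLE_HTACCESS = """\
# dropped into a user-writable directory
SetHandler perl-script
PerlHandler EvilModule
"""

# SetHandler pointing at mod_perl, or any Perl*Handler directive.
HANDLER_RE = re.compile(
    r'^\s*(SetHandler\s+(perl-script|modperl)\b|Perl\w*Handler\s+\S+)', re.I)

def risky_directories(conf_text):
    """Return [(path, tokens)] for <Directory> blocks whose explicit
    AllowOverride lets .htaccess use SetHandler (FileInfo or All).
    Blocks that only inherit AllowOverride are not evaluated here."""
    findings, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1).strip()
        elif re.match(r'</Directory>', line, re.I):
            current = None
        elif current and line.split()[0].lower() == "allowoverride":
            tokens = line.split()[1:]
            if any(t.lower() in ("all", "fileinfo") for t in tokens):
                findings.append((current, tokens))
    return findings

def handler_directives(htaccess_text):
    """Return the .htaccess lines that route requests to mod_perl."""
    return [l.strip() for l in htaccess_text.splitlines() if HANDLER_RE.match(l)]

if __name__ == "__main__":
    print(risky_directories(SAMPLE_CONF))
    print(handler_directives(SAMPLE_HTACCESS))
```

Directories reported by `risky_directories` are the ones to review for `AllowOverride None` or a narrower override list.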