Full Disclosure mailing list archives
Re: PHP dlopen() -> Fun with apache (and other
From: "Andreas Gietl" <a.gietl () e-admin de>
Date: Wed, 13 Aug 2003 13:47:58 +0200
Stefan Esser <s.esser () e-matters de> wrote:
Hello, well you describe nothing more than the documented functionality of the dlopen() call.
Yes of course. But this advisory should sharpen admins-mind to the threats the dl()-function confronts us with. Administrators migth think that these newly loaded modules are "contained" or otherwise protected.
You can also have a lot of fun with loading linux kernel modules if your admin allows users to load kernel moduels. And stealing SSL private key from apache memory is not really a challenge... You only need to search for some signature in memory and "steal" the next few byte behind it. Stefan Esser
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- PHP dlopen() -> Fun with apache (and other andrewg (Aug 13)
- Re: PHP dlopen() -> Fun with apache (and other Stefan Esser (Aug 13)
- Re: PHP dlopen() -> Fun with apache (and other andrewg (Aug 13)
- Re: PHP dlopen() -> Fun with apache (and other Andreas Gietl (Aug 13)
- Re: PHP dlopen() -> Fun with apache (and other Stefan Esser (Aug 13)