Full Disclosure mailing list archives

Re: PHP dlopen() -> Fun with apache (and other

From: "Andreas Gietl" <a.gietl () e-admin de>
Date: Wed, 13 Aug 2003 13:47:58 +0200

Stefan Esser <s.esser () e-matters de> wrote:

Hello,

well you describe nothing more than the documented functionality
of the dlopen() call.


Yes of course. But this advisory should sharpen admins-mind to the threats the
dl()-function confronts us with. Administrators migth think that these newly
loaded modules are "contained" or otherwise protected.

You can also have a lot of fun with loading
linux kernel modules if your admin allows users to load kernel moduels.
And stealing SSL private key from apache memory is not really a
challenge... You only need to search for some signature in memory 
and "steal" the next few byte behind it.

Stefan Esser





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

PHP dlopen() -> Fun with apache (and other andrewg (Aug 13)
- Re: PHP dlopen() -> Fun with apache (and other Stefan Esser (Aug 13)
  - Re: PHP dlopen() -> Fun with apache (and other andrewg (Aug 13)
  - Re: PHP dlopen() -> Fun with apache (and other Andreas Gietl (Aug 13)