oss-sec mailing list archives
Re: CVE request: mod_ruid2 before 0.9.8
From: John Lightsey <john () nixnuts net>
Date: Fri, 22 Mar 2013 15:46:56 -0500
On 03/22/2013 03:36 PM, Kurt Seifried wrote:
> On 03/22/2013 09:08 AM, John Lightsey wrote:
>> In versions of mod_ruid2 before 0.9.8, the file descriptor used to break out of the chroot is inherited by all Apache subprocesses. This allows CGI scripts to also break out of the chroot by performing a fchdir() across the inherited file descriptor.
>>
>> http://sourceforge.net/mailarchive/forum.php?thread_name=514C503E.4020109%40users.sourceforge.net&forum_name=mod-ruid-announce
>
> Can you provide a link to the source code fix? thanks.

https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2

The key part of the fix is the block at line 366:

    } else if (fcntl(root_handle, F_SETFD, FD_CLOEXEC) < 0) { ...
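
The effect of the FD_CLOEXEC call quoted above can be checked with a small test. This is an added example, not code from mod_ruid2 or from anyone in this thread. It assumes a POSIX system with /bin/sh; `handle_survives_exec` is a hypothetical helper, `/` stands in for the module's `root_handle`, and the shell stands in for a CGI script.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not mod_ruid2 code). Returns 1 if the handle is still
 * open in an exec'd child, 0 if exec closed it, -1 on a setup error. */
int handle_survives_exec(int set_cloexec)
{
    char cmd[32];
    int status, result = -1;
    pid_t pid;
    /* A directory handle, standing in for the module's root_handle. */
    int handle = open("/", O_RDONLY);

    if (handle < 0)
        return -1;
    if (handle > 9)  /* assumption: sh only guarantees fds 0-9 in redirections */
        goto out;
    /* Same call as the fix; the flag survives fork() and takes effect at exec. */
    if (set_cloexec && fcntl(handle, F_SETFD, FD_CLOEXEC) < 0)
        goto out;

    pid = fork();
    if (pid < 0)
        goto out;
    if (pid == 0) {
        /* Child stands in for a CGI script: "<&N" succeeds only if fd N is open. */
        snprintf(cmd, sizeof cmd, ": 2>/dev/null <&%d", handle);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);  /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
        WEXITSTATUS(status) != 127)
        result = (WEXITSTATUS(status) == 0);
out:
    close(handle);
    return result;
}

int main(void)
{
    printf("without FD_CLOEXEC: inherited=%d\n", handle_survives_exec(0));
    printf("with FD_CLOEXEC:    inherited=%d\n", handle_survives_exec(1));
    return 0;
}
```

The same check works as a regression test for any privileged handle a server keeps open across fork() and exec of untrusted children.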