Re: Another flaw in Apache?

From: Filipe Almeida (filipeat_private)
Date: Sun Jun 23 2002 - 08:07:04 PDT

  • Next message: Michal Zalewski: "Re: Another flaw in Apache?"

    Well... Seems I rushed the mail out.
    You can kill the httpd childs but you can't ptrace them because the processes
    are not dumpable.
    
    At 10:13 23-06-2002 -0400, Michal Zalewski wrote:
    >On Sun, 23 Jun 2002, Filipe Jorge Marques de Almeida wrote:
    >Not exactly. You are having access to the httpd child process, not a
    >spawned CGI script. This means that you control some interesting goods,
    >such as file descriptors, or... oh well, the child process itself. Think
    >about serving spoofed contents to all requests? Besides, suexec is pretty
    >popular nowadays.
    



    This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 09:05:45 PDT