Well... Seems I rushed the mail out. You can kill the httpd childs but you can't ptrace them because the processes are not dumpable. At 10:13 23-06-2002 -0400, Michal Zalewski wrote: >On Sun, 23 Jun 2002, Filipe Jorge Marques de Almeida wrote: >Not exactly. You are having access to the httpd child process, not a >spawned CGI script. This means that you control some interesting goods, >such as file descriptors, or... oh well, the child process itself. Think >about serving spoofed contents to all requests? Besides, suexec is pretty >popular nowadays.
This archive was generated by hypermail 2b30 : Sun Jun 23 2002 - 09:05:45 PDT