I think you can be more inventive on what a malicious script author can do if they can run arbitrary code from a CGI script, under the Apache model. Here are some things I can come up with:

- using ptrace() on an httpd child: now you can get the httpd child to run arbitrary code, so "fd leaks" from child to CGI script are really irrelevant. (This is an old trick: nCipher used this as a demo of how to extract in-server SSL private keys using a CGI script)

- send signals to the server children: SIGSTOP will make a quick'n'easy DoS.

I'm sure there are more. The bottom line is that you must trust CGI script authors with the privileges of the user which httpd runs as.

Regards,
joe
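Added example, not part of the original post: a small model of the privilege boundary described above, written from the auditing side. It assumes a simplified version of the Linux PTRACE_ATTACH rules (same uid and a dumpable target, further narrowed by Yama's ptrace_scope) and of kill(2)'s same-uid rule, and runs them over a constructed process table with one CGI sharing the worker uid (plain mod_cgi) and one run under its own uid (suexec). The process names, pids and uids are constructed; `audit` reports which CGI processes could attach to or signal an httpd worker.

```python
from dataclasses import dataclass

@dataclass
class Proc:
    pid: int
    ppid: int
    uid: int          # real uid; euid assumed equal, as for a plain CGI child
    comm: str
    dumpable: bool = True

def is_descendant(procs, child, ancestor):
    """True if `child` sits below `ancestor` in the process tree."""
    cur = child
    while cur.ppid != 0:
        if cur.ppid == ancestor.pid:
            return True
        cur = procs[cur.ppid]
    return False

def can_ptrace(procs, tracer, target, ptrace_scope=1):
    """Simplified Linux PTRACE_ATTACH check with Yama (assumed model)."""
    if tracer.uid == 0:                  # root holds CAP_SYS_PTRACE
        return ptrace_scope < 3
    if not target.dumpable or tracer.uid != target.uid:
        return False
    if ptrace_scope == 0:
        return True
    if ptrace_scope == 1:                # only the tracer's own descendants
        return is_descendant(procs, target, tracer)
    return False                         # 2: capability only, 3: nobody

def can_signal(sender, target):
    """kill(2): same uid (or root) suffices; Yama does not restrict this."""
    return sender.uid == 0 or sender.uid == target.uid

def audit(procs, ptrace_scope=1):
    """(cgi_pid, worker_pid, ability) for every CGI that can reach a worker."""
    workers = [p for p in procs.values() if p.comm == "httpd" and p.uid != 0]
    out = []
    for c in (p for p in procs.values() if p.comm == "cgi-script"):
        for w in workers:
            if can_ptrace(procs, c, w, ptrace_scope):
                out.append((c.pid, w.pid, "ptrace"))
            if can_signal(c, w):
                out.append((c.pid, w.pid, "signal"))
    return out

def sample_procs():
    """Constructed table: root parent, two uid-33 workers, CGIs 200 (uid 33) and 300 (suexec uid)."""
    table = [Proc(1, 0, 0, "init"), Proc(100, 1, 0, "httpd"),
             Proc(101, 100, 33, "httpd"), Proc(102, 100, 33, "httpd"),
             Proc(200, 101, 33, "cgi-script"), Proc(300, 102, 1001, "cgi-script")]
    return {p.pid: p for p in table}
```

With ptrace_scope=0 the same-uid CGI can both attach to and signal every worker; raising ptrace_scope removes the attach but not the SIGSTOP-style DoS, and only the suexec-style separate uid removes both.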
This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 09:22:36 PST