Bugtraq mailing list archives
Re: DoS attack: apache (& other) .htaccess Authentication
From: dgaudet-list-bugtraq () ARCTIC ORG (Dean Gaudet)
Date: Fri, 16 Jan 1998 10:51:20 -0800
On Fri, 16 Jan 1998, Casper Dik wrote:
Or if you use a default /net automount on Solaris, just open "/net/far-a-field" Seems like a problem that's hard to generally fix, other than making sure noone gets to write .htaccess files.
If you have to fstat() the .htaccess file anyway you can also ensure that it's on a device number that's "appropriate". But this doesn't work so hot for folks using automounted home directories. It works just fine if you've got all your web users on a few local partitions that don't contain "nasty" files. (You all have separate / and /export/home right?) Incidentally this is an alternate solution to the symlink protection already in apache... the symlink protection is expensive and hard to configure right. You can find a sample module for 1.3 at <http://www.arctic.org/~dgaudet/apache/mod_allowdev.c>. Before anyone asks, no I won't port it to 1.2. Doesn't handle all the cases either. Opening a file is a critical section because it is a resource that needs to be tracked. But a SIGALRM handler could be told that you're in a critical section, and if it's missing SA_RESTART then it'll cause open() to return EINTR (or at least it should). That's enough data to exit many critical sections safely... but things like opendir() are critical sections as well, and are stuck in libc and who knows what they do with EINTR in general. If we whack open() then someone needs only find a DoS with opendir(). Or we could just recode opendir()/readdir() using open()/getdents() and make sure it does the right thing with EINTR. and on and on. Dean
Current thread:
- Correction: CPSN 9:971208: Solaris /var Permission Problems MATTHEW POTTER (Jan 13)
- Xserver stack smashed Pavel Kankovsky (Jan 13)
- Re: Xserver stack smashed M Shariful Anam (Jan 14)
- DoS attack: apache (& other) .htaccess Authentication jan () WEDEKIND DE (Jan 14)
- Re: DoS attack: apache (& other) .htaccess Authentication Marc Slemko (Jan 14)
- Re: DoS attack: apache (& other) .htaccess Authentication Tim Newsham (Jan 15)
- Re: DoS attack: apache (& other) .htaccess Authentication Dustin Sallings (Jan 15)
- Re: DoS attack: apache (& other) .htaccess Authentication Casper Dik (Jan 16)
- pbomb'ing SSH on a FreeBSD box. Jeff Johnson (Jan 15)
- Re: pbomb'ing SSH on a FreeBSD box. FrontLine Assembly (Jan 17)
- Re: DoS attack: apache (& other) .htaccess Authentication Dean Gaudet (Jan 16)
- Re: GCC 2.7.? /tmp files dichro-bugtraq () RCPT TO (Jan 17)
- Re: GCC 2.7.? /tmp files Zack Weinberg (Jan 18)
- Re: GCC 2.7.? /tmp files John Gotts (Jan 19)
- CERT Vendor-Initiated Bulletin VB-98.01 - excite Aleph One (Jan 19)
- Xserver stack smashed Pavel Kankovsky (Jan 13)
- GCC 2.7.? /tmp files Micha? Zalewski (Jan 15)
- Re: GCC 2.7.? /tmp files Niels Bakker (Jan 16)
- pnserver exploit.. Aleph One (Jan 15)
- Re: pnserver exploit.. Angelos Karageorgiou (Jan 16)
- Re: pnserver exploit.. Donald van de Weyer (Jan 21)
- (AUSCERT ESB-98.009) CERT Advisory CA-98.02 - Vulnerabilities in Grant Beattie (Jan 21)