Vulnerability Development mailing list archives
Re: Apache ap_getpass vulnerability
From: Peter Pentchev <roam () ORBITEL BG>
Date: Sat, 4 Nov 2000 18:36:28 +0200
On Mon, Jan 03, 2000 at 09:50:57PM +0100, Simon Tamas wrote:
If you have an Apache module and your module uses configuration directives then configuration records are set up at your modules start up. At this point I thought it was possible to call ap_getpass() to fill a value in the configuration record (value of passphrase acoompanying the privatekey -- which is filled with ap_set_file_slot()) However I also found difficulties getting user input at module start-up. Looks like my hook function is called twice, and at the second time there is no tty Any help on this would be appreciated.
You mean you're writing an Apache module that reads user input at the time the server is starting?.. Does this mean that the server startup itself becomes interactive? This pretty much rules out unattended Apache startup - you need to start the server manually each time it dies; also, it cannot be put in the system's startup scripts. IMHO, this is not such a good idea :( G'luck, Peter -- This would easier understand fewer had omitted.
Current thread:
- Apache ap_getpass vulnerability Simon Tamás (Nov 02)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 03)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 03)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 04)
- Re: Apache ap_getpass vulnerability Pavel Kankovsky (Nov 05)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 07)
- Re: Apache ap_getpass vulnerability Peter Pentchev (Nov 05)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 04)
- Re: Apache ap_getpass vulnerability Peter Pentchev (Nov 05)
- Re: Apache ap_getpass vulnerability Carson Gaspar (Nov 06)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 06)
- Re: Apache ap_getpass vulnerability Carson Gaspar (Nov 06)
- Re: Apache ap_getpass vulnerability Michael H. Warfield (Nov 07)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 07)
- Re: Apache ap_getpass vulnerability Lincoln Yeoh (Nov 08)
- Re: Apache ap_getpass vulnerability Bluefish (P.Magnusson) (Nov 10)
- Re: Apache ap_getpass vulnerability Simon Tamás (Nov 03)
- Re: Apache ap_getpass vulnerability Jon Paul, Nollmann (Nov 03)
- Re: Apache ap_getpass vulnerability Bluefish (P.Magnusson) (Nov 06)