Vulnerability Development mailing list archives
Re: Apache ap_getpass vulnerability
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 5 Nov 2000 12:51:24 +0100
$ kill -l
 1) SIGHUP       2) SIGINT       3) SIGQUIT      4) SIGILL
 5) SIGTRAP      6) SIGIOT       7) SIGBUS       8) SIGFPE
 9) SIGKILL     10) SIGUSR1     11) SIGSEGV     12) SIGUSR2
13) SIGPIPE     14) SIGALRM     15) SIGTERM     17) SIGCHLD
18) SIGCONT     19) SIGSTOP     20) SIGTSTP     21) SIGTTIN
22) SIGTTOU     23) SIGURG      24) SIGXCPU     25) SIGXFSZ
26) SIGVTALRM   27) SIGPROF     28) SIGWINCH    29) SIGIO
30) SIGPWR

Wouldn't an attacker simply be able to kill -s SIGSEGV <pid> ? After all, all apache children run with the same uid. Many different cgi exploits could be modified to kill the preferred http process.
Unless this is done somebody who gets access to the webserver machine, and therefore can read the private-key file, can also crash the Apache in such a way that he can read the password from memory. All he has to know is where the static char* inside getpass is in memory.
| strings | less

Now, this is also a question of the importance of http passwords. Many administrators don't consider them secure to begin with (40bit DES hash, and usually no encryption whatsoever). But yes, SSL has been mentioned. With SSL encryption, perhaps administrators put more faith in these passwords.

getpass is yet another stupidly hard to use function. It is impressive how bad interfaces people put up with. getpass designers clearly have forgotten the first law of security-programming: assume all functions to be used by 'stupid' programmers. ('stupid' as in human, not flawless).

..:::::::::::::::::::::::::::::::::::::::::::::::::..
http://www.11a.nu || http://bluefish.11a.nu
eleventh alliance development & security team
http://www.eff.org/cafe
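Added example, not part of the original post and not Apache's code: a defensive counterpart in C to the static getpass buffer and same-uid SIGSEGV discussed in this message. It reads the passphrase into a caller-owned buffer, wipes it after use, and forbids core files. The function names (disable_core_dumps, secure_wipe, read_secret) are hypothetical, and it assumes the memory would be recovered from a core file written on crash.

```c
#include <string.h>
#include <sys/resource.h>
#include <termios.h>
#include <unistd.h>

/* Forbid core files, so a SIGSEGV from a same-uid process leaves no dump. */
int disable_core_dumps(void) {
    struct rlimit rl = {0, 0};
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Read one line from fd into a caller-owned buffer (no static storage, no
 * stdio copy). Returns the length, or -1 on error or overlong input. */
long read_secret(int fd, char *buf, size_t cap) {
    struct termios old, noecho;
    int tty = isatty(fd) && tcgetattr(fd, &old) == 0;
    size_t n = 0;
    ssize_t r; char c;
    if (cap == 0) return -1;
    if (tty) {                              /* turn echo off on a terminal */
        noecho = old;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        tcsetattr(fd, TCSAFLUSH, &noecho);
    }
    while ((r = read(fd, &c, 1)) == 1 && c != '\n') {
        if (n + 1 >= cap) { r = -1; break; }   /* too long: reject */
        buf[n++] = c;
    }
    c = 0;
    if (tty) tcsetattr(fd, TCSAFLUSH, &old);
    if (r < 0) { secure_wipe(buf, cap); return -1; }
    buf[n] = '\0';
    return (long)n;
}

int main(void) {
    char pass[128];
    if (disable_core_dumps() != 0) return 1;
    long n = read_secret(STDIN_FILENO, pass, sizeof pass);
    /* ... use pass[0..n) to unlock the key here ... */
    secure_wipe(pass, sizeof pass);
    return n < 0;
}
```

The passphrase still sits in process memory between read_secret and secure_wipe, so keep that window as short as the key-unlock step allows.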