Bugtraq mailing list archives
Re: Re[2]: Hijacking Apache 2 via mod_perl
From: Steve G <linux_4ever () yahoo com>
Date: Thu, 22 Jan 2004 09:51:10 -0800 (PST)
At least, it's possible to store descriptors table and implement check for descriptor in every perl file/socket function inside mod_perl (and mod_php and mod_something) and only allow access to std descriptors and to descriptors open inside same script. The choice is between speed and security.
Right. To me, that sounds ideal. In these days of 3 GHz machines, I don't mind a little extra checking if it makes things more secure. -Steve Grubb __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/
Current thread:
- Hijacking Apache 2 via mod_perl Steve Grubb (Jan 21)
- Re: Hijacking Apache 2 via mod_perl Ben Laurie (Jan 22)
- Re[2]: Hijacking Apache 2 via mod_perl 3APA3A (Jan 22)
- Re: Hijacking Apache 2 via mod_perl Ben Laurie (Jan 22)
- Re: Hijacking Apache 2 via mod_perl André Malo (Jan 22)
- Re: Hijacking Apache 2 via mod_perl Steve G (Jan 22)
- Re: Hijacking Apache 2 via mod_perl jon schatz (Jan 23)
- Re: Hijacking Apache 2 via mod_perl Matthew Wakeling (Jan 24)
- Re[2]: Hijacking Apache 2 via mod_perl 3APA3A (Jan 22)
- Re: Re[2]: Hijacking Apache 2 via mod_perl Steve G (Jan 22)
- Re: Hijacking Apache 2 via mod_perl Ben Laurie (Jan 22)