Full Disclosure mailing list archives
Re: Fun with mod_php/Apache 1.3, yet Apache much better than II$
From: Stefan Esser <s.esser () e-matters de>
Date: Wed, 6 Nov 2002 20:19:12 +0100
On Wed, Nov 06, 2002 at 08:15:48PM +0200, Georgi Guninski wrote:
> I. Apache and php were notified on Tue, 15 Oct 2002 18:16:40 +0300
> The Apache guys seem to prepare a fix. The php guys replied this is known for ages but did not provide reference for the claims.
It is known for ages because it is a UNIX design decision to inherit file descriptors on exec. That's why most derivatives support a CLOSE ON EXEC flag.

I told you several times that I used the fd leakage in my e-matters PHP exploits to clean the apache log files for demonstration. This code belongs to e-matters and cannot be made public...

Now you can say: okay logfiles, but sockets are different... However I also told you guys to look into php4/main/main.c; there is a comment somewhere in the code (within ...shutdown_for_exec()) that says (since 4.0.0) that we cannot close the fds at that place because it caused troubles (with 3rd party libs etc...)

Taking care of the open fds would mean mod_php had to do unnecessary extra forks() in front of all 3rd party library calls that could maybe execute external programs. And in front of all popens()...

However I told you also that you should disable all exec functions in hosted environments via php.ini because there can always be kernel bugs or suid bugs on the box that could be exploited.

Anyway, nice work Mr. Guninski.

Stefan Esser

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html