Vulnerability Development mailing list archives
Re: Apache 2.x leaked descriptors
From: Christian Kratzer <ck () cksoft de>
Date: Mon, 24 Feb 2003 22:58:50 +0100 (CET)
Hi, On Mon, 24 Feb 2003, David M. Wilson wrote:
On Sat, Feb 22, 2003 at 02:46:59PM -0800, jon schatz wrote:
[snipp]
Ideal permissions on CGI directories do not differ to the permissions on other content directories. I think you may be confused as to what execute permission actually means:
the point about leaked file descriptors is not about execute permissions. Apache 2.0 currently execs cgi scripts / server side includes etc... with file descriptors open to all access and error logs on the server and also to a couple of internal pipes. This means any cgi script can muck around with all access and error logs, read them, truncate them, overwrite them or append funny stuff. There is a bug in apache 2.0 that prevents closing of these internal resources before running the cgi's. Thats all. And thats enough ... Greetings Christian -- CK Software GmbH Christian Kratzer, Schwarzwaldstr. 31, 71131 Jettingen Email: ck () cksoft de Phone: +49 7452 889-135 Open Software Solutions, Network Security Fax: +49 7452 889-136 FreeBSD spoken here!
Current thread:
- Apache 2.x leaked descriptors Steve Grubb (Feb 21)
- Re: Apache 2.x leaked descriptors Christian Kratzer (Feb 23)
- Re: Apache 2.x leaked descriptors jon schatz (Feb 23)
- Re: Apache 2.x leaked descriptors David M. Wilson (Feb 24)
- Re: Apache 2.x leaked descriptors Christian Kratzer (Feb 25)
- Re: Apache 2.x leaked descriptors Brian Hatch (Feb 25)
- Re: Apache 2.x leaked descriptors Christian Kratzer (Feb 25)
- Re: Apache 2.x leaked descriptors Bjoern A. Zeeb (Feb 28)
- Re: Apache 2.x leaked descriptors David M. Wilson (Feb 24)
- <Possible follow-ups>
- Re: Apache 2.x leaked descriptors Steve Grubb (Feb 24)
- RE: Apache 2.x leaked descriptors Michael Wojcik (Feb 25)
- Re: Apache 2.x leaked descriptors Steve Grubb (Feb 25)