Vulnerability Development mailing list archives

Re: Apache 2.x leaked descriptors


From: Joe Orton <jorton () redhat com>
Date: Thu, 13 Mar 2003 12:51:45 +0000

I think you can be more inventive on what a malicious script author can
do if they can run arbitrary code from a CGI script, under the Apache
model:  here are some things I can come up with:

- using ptrace() on an httpd child: now you can get the httpd child to
run arbitrary code, so "fd leaks" from child to CGI script are really
irrelevant. (This is an old trick: nCipher used this as a demo of how to
extract in-server SSL private keys using a CGI script)

- send signals to the server children: SIGSTOP will make a quick'n'easy
DoS.

I'm sure there are more.  The bottom line is that you must trust CGI
script authors with the privileges of the user which httpd runs as.

Regards,

joe
