From Joe Orton <...@manyfish.co.uk>
Subject Re: [Patch] redux; discussion of FD_CLOEXEC and APR_INHERIT
Date Tue, 18 Mar 2003 22:41:18 GMT

On Tue, Mar 18, 2003 at 09:56:04PM +0000, Bjoern A. Zeeb wrote:
> On Tue, 18 Mar 2003, Joe Orton wrote:
> > 2. otherwise: even when you set CLOEXEC, the arbitrary binary which
> > can be fork/exec from an untrusted PHP script can then just use
> > ptrace() to arrange for any httpd child to run arbitrary code anyway,
> > thereby gaining access to all the fds you went to so much effort to
> > avoid leaking.
> But if I call an ordinary CGI script (be it shell, perl, C, php as CGI...)
> I may run it through suexec and it will be run under a completely different
> unprivileged uid and gid. It will not be able to access httpd
> resources if my file, etc. permissions are set up correctly, ...
> Same will for sure almost be true for cgid/mod_cgi.

You're confusing two issues: the fd leaks to CGI scripts in recent
versions of httpd-2.0 are caused entirely by inappropriate calls to
apr_file_inherit_set in httpd.

Adding CLOEXEC support to APR makes absolutely no difference to that.
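
Added example, not part of the original message and not APR or httpd code: a plain POSIX C check that a descriptor explicitly marked inheritable reaches an exec'd child even though close-on-exec is available. The helpers `set_cloexec` and `fd_survives_exec` are hypothetical names, `/bin/sh` stands in for the CGI child, and `set_cloexec(fd, 0)` stands in for any call that marks a descriptor inheritable.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set (on != 0) or clear (on == 0) FD_CLOEXEC on fd. Returns 0 on success. */
static int set_cloexec(int fd, int on)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    flags = on ? (flags | FD_CLOEXEC) : (flags & ~FD_CLOEXEC);
    return fcntl(fd, F_SETFD, flags);
}

/* fork + exec /bin/sh and let the exec'd shell try to dup descriptor fd.
 * Returns 1 if the descriptor is still open after exec (leaked),
 * 0 if it was closed, -1 on error. */
static int fd_survives_exec(int fd)
{
    char script[64];
    int status;
    pid_t pid;

    if (fd < 0 || fd > 9)       /* sh redirections: single-digit fds only */
        return -1;
    snprintf(script, sizeof script, ": 2>/dev/null <&%d", fd);
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", script, (char *)NULL);
        _exit(127);             /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    int fd = open("/dev/null", O_RDONLY);   /* constructed sample descriptor */
    if (fd < 0 || set_cloexec(fd, 1) != 0)
        return 1;
    printf("FD_CLOEXEC set:     leaked=%d\n", fd_survives_exec(fd));
    set_cloexec(fd, 0);   /* stand-in: code marks the fd inheritable */
    printf("FD_CLOEXEC cleared: leaked=%d\n", fd_survives_exec(fd));
    close(fd);
    return 0;
}
```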



