httpd-dev mailing list archives

From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: Authentication
Date Tue, 04 Jun 1996 19:21:21 GMT
rasmus@madhaus.utcs.utoronto.ca wrote:
> 
> > I believe this suggestion is what Jason meant earlier by "walking the
> > process tree".  The problem is finding a secure way to do that.  In
> > particular, the only even vaguely portable way I'm aware of for getting
> > at the process table is 'ps', and even with it, the details (options
> > required to get ppid, and output formats) vary from system to system.
> > In what follows, I'm assuming use of 'ps' --- if anyone has a better
> > idea, my apologies, but I haven't seen one yet.
> 
> You would need to dive in kmem and/or /proc in order to do this, and
> you are right, this is about as non-portable as you can get.  
> 
> However, one could imagine that the parent could write its PID and the
> PID of any children it forks to somewhere and then this manually created
> process id tree could be checked.  You would of course have to make sure
> that this id tree couldn't be directly modified by the bad guys.

Ah, now that's an idea I like.

But, an attack would be to find something that kills Apache, and keep killing
it until a process id comes around which is still in the id tree, because the
main server hasn't cleaned it up yet, then bang, you're in.

I can't instantly think of a way around that.

Cheers,

Ben.

> 
> I don't think relying on an external binary such as 'ps' is a very good
> idea.  You have no way of knowing how the ps command works on the various
> operating systems.  And some OS's have different varieties.  i.e. Linux
> with its proc-ps and kmem-ps types.
> 
> -Rasmus

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.
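
Added example, not part of the original message or of Apache's code: a sketch of the parent-maintained id tree discussed above, showing why a pid-only lookup accepts a recycled pid while a stale entry remains, and one possible hardening in which each entry also carries a per-fork secret the caller must present. The table layout, function names and token scheme are assumptions for illustration; the pid and token values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#define MAX_CHILDREN 64

/* One slot in the parent-maintained id tree (hypothetical layout). */
struct child_entry {
    pid_t    pid;     /* child's process id */
    uint64_t token;   /* per-fork secret; real code would draw it from a CSPRNG */
    int      in_use;
};
static struct child_entry id_tree[MAX_CHILDREN];

static struct child_entry *tree_find(pid_t pid) {
    for (int i = 0; i < MAX_CHILDREN; i++)
        if (id_tree[i].in_use && id_tree[i].pid == pid)
            return &id_tree[i];
    return NULL;
}

/* Parent records a child right after fork(). Returns 0, or -1 if full. */
int tree_register(pid_t pid, uint64_t token) {
    for (int i = 0; i < MAX_CHILDREN; i++)
        if (!id_tree[i].in_use) {
            id_tree[i] = (struct child_entry){ pid, token, 1 };
            return 0;
        }
    return -1;
}

/* Parent drops the entry when it reaps the child. */
void tree_remove(pid_t pid) {
    struct child_entry *e = tree_find(pid);
    if (e) e->in_use = 0;
}

/* Weak check: any entry with this pid passes, stale or not. */
int tree_check_pid_only(pid_t pid) { return tree_find(pid) != NULL; }

/* Hardened check: the caller must also present the token stored for that pid. */
int tree_check(pid_t pid, uint64_t token) {
    struct child_entry *e = tree_find(pid);
    return e != NULL && e->token == token;
}

int main(void) {
    tree_register(4242, 0x5eedf00dULL);  /* constructed pid and token */
    /* Entry left stale: a different process now holding pid 4242 lacks the token. */
    printf("pid only: %d, pid+token: %d\n", tree_check_pid_only(4242), tree_check(4242, 0));
    return 0;
}
```

The token only helps if it stays secret to the parent and the child it was issued to, and the table itself still has to be protected from modification as the thread notes.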
