httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: suexec concerns
Date Sat, 04 Jan 1997 17:01:07 GMT

I have that code sitting here and _might_ take a look at what it would
take to start using it. I have not had success getting a response from
RST, and did not know the status of whether we could use this or not.


> RST and I thrashed this one out long ago, when suexec first came up. I forget
> the details of the solution, but RST did implement it in threaded Apache. I
> even have his permission to lift it out and add it to 1.2, I just never got
> round to it.
> 
> As I remember it, a perfect solution was not possible, but a successful attack
> required the attacker to a) kill off a legitimate child and b) get a new
> process with the same process ID before Apache noticed that the original had
> died (which would only be possible after Apache had retrieved status, I
> believe, so would require a very narrow time slot).
> 
> Cheers,
> 
> Ben.
> 
> -- 
> Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
> Freelance Consultant and  Fax:   +44 (181) 994 6472
> Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
> A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
> London, England.          Apache-SSL author




Mime
View raw message