RE: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.
- Subject: RE: [cobalt-developers] Security issues with running files owned by httpd under a virtual site.
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Sat Jun 23 17:35:50 2001
- List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>
On Sat, 23 Jun 2001, KAMRY wrote:
> But can't they have privileges to the httpd demon and probably do some stuff
> on that demon.
>
> Kal
>
I don't recall Apache having any control system or any interactive session
or whatever that can be controlled from the outside... but now that you
mentioned it, I do think of a problem that may occur.

Someone who played more than me on this is welcome to tell what this CGI
script will do:

    #!/bin/sh
    killall -9 httpd

indeed looks serious to me, even with CGIwrap (as you can do exec from SSI
as well.) - ideas, anyone?
- shimi