Package: cgiwrap
Version: 3.9-3
Severity: normal

Looking at the issue of file descriptors left open with PHP:

  PHP "exec", "system", "popen" problem
  http://www.securityfocus.com/archive/1/449234
  http://www.securityfocus.com/archive/1/449298

  Apache mod_php Module File Descriptor Leakage Vulnerability
  http://www.securityfocus.com/bid/9302

  Hijacking Apache https by mod_php
  http://www.securityfocus.com/archive/1/348368

I looked at cgiwrap, and see (for a running CGI script):

[EMAIL PROTECTED]:~$ lsof -p31129
COMMAND   PID USER   FD   TYPE DEVICE    SIZE     NODE NAME
sleep   31129  psz  cwd    DIR    8,5    4096  2338480 /usr/users/misc/httpd/ub/psz
sleep   31129  psz  rtd    DIR    8,1    4096        2 /
sleep   31129  psz  txt    REG    8,1 1057324   669220 /usr/bin/perl
sleep   31129  psz  mem    REG    8,1   90248   293851 /lib/ld-2.3.2.so
sleep   31129  psz  mem    REG    8,1    9872   391920 /lib/tls/libdl-2.3.2.so
sleep   31129  psz  mem    REG    8,1  134496   392079 /lib/tls/libm-2.3.2.so
sleep   31129  psz  mem    REG    8,1   78233   391909 /lib/tls/libpthread-0.60.so
sleep   31129  psz  mem    REG    8,1 1254660   391918 /lib/tls/libc-2.3.2.so
sleep   31129  psz  mem    REG    8,1   18876   391919 /lib/tls/libcrypt-2.3.2.so
sleep   31129  psz    0r  FIFO    0,7         36793434 pipe
sleep   31129  psz    1w  FIFO    0,7         36793435 pipe
sleep   31129  psz    2w  FIFO    0,7         36793435 pipe
sleep   31129  psz    3r   DIR    8,1    4096   228481 /root

Surely the directory /root should not be left open. This is not a major
security hole, but is a breach of privacy.

Cheers,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-spm1.6
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages cgiwrap depends on:
ii  apache2-mpm-prefork [ 2.0.54-5sarge1      traditional model for Apache2
ii  libc6                 2.3.2.ds1-22sarge4  GNU C Library: Shared libraries an

-- no debconf information
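
The lsof listing above shows a directory handle on fd 3 inherited by the CGI script. As an added illustration (not part of the original report and not cgiwrap's own code), this C sketch shows how a wrapper can audit its descriptors and mark everything above stderr close-on-exec before running the script. The function names are hypothetical, and "/" is a constructed stand-in for the /root handle.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if fd is open and would be inherited by an exec'd program, 0 if it is
 * open but close-on-exec, -1 if it is not open at all. */
int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Set FD_CLOEXEC on every open descriptor >= lowfd, so that only
 * 0..lowfd-1 reach the executed script. Returns how many it had to fix. */
int mark_cloexec_from(int lowfd)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    int fixed = 0;

    if (maxfd < 0 || maxfd > 65536)
        maxfd = 65536;      /* bound the scan if the limit is huge or unknown */
    for (int fd = lowfd; fd < maxfd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;       /* not open, or already safe */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0)
            fixed++;
    }
    return fixed;
}

int main(void)
{
    /* Constructed stand-in for the directory left open in the report. */
    int dirfd = open("/", O_RDONLY);
    if (dirfd < 0) { perror("open"); return 1; }

    printf("fd %d before: survives_exec=%d\n", dirfd, survives_exec(dirfd));
    printf("descriptors fixed: %d\n", mark_cloexec_from(3));
    printf("fd %d after:  survives_exec=%d\n", dirfd, survives_exec(dirfd));
    /* A wrapper would call execve() here; the kernel then closes dirfd. */
    close(dirfd);
    return 0;
}
```

Running lsof -p on the child after such a step is the same check the report uses: only fds 0, 1 and 2 should remain.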