hiya,

On Wed, Dec 08, 2010 at 08:28:31PM +0100, Raphael Hertzog wrote:
> So there are security concerns apparently... any specific security risk
> or just the fear of letting malicious people use those functions to run
> daemons where it was not intended?

i guess that'd be a bit problematic, but i'm sure an enterprising individual could find a way to do the same thing via the standard system() calls.

the real problem as i see it is that having a working and direct path to fork()/exec() opens up the possibility to read(/write?)[1] arbitrary memory addresses in the apache processes, something that even an evil developer trying to write malicious code should not be able to do.

sean

[1] i have PoC code that can read "some interesting private things" from httpd's memory, but am not sure that anything useful can be done writing.