[php-maint] Bug#605571: Bug#605571: libapache2-mod-php5: Please enable pcntl functions

sean finney seanius at debian.org
Wed Dec 8 20:37:25 UTC 2010


hiya,

On Wed, Dec 08, 2010 at 08:28:31PM +0100, Raphael Hertzog wrote:
> So there are security concerns apparently... any specific security risk
> or just the fear of letting malicious people use those functions to run
> daemons where it was not intended?

i guess that'd be a bit problematic, but i'm sure an enterprising individual
could find a way to do the same thing via the standard system() calls.

the real problem as i see it is that having a working and direct path
to fork()/exec() opens up the possibility to read(/write?)[1] arbitrary
memory addresses in the apache processes, something that even an evil
developer trying to write malicious code should not be able to do.


	sean


[1] i have PoC code that can read "some interesting private things" from
    httpd's memory, but am not sure that anything useful can be done writing.

