[php-maint] Bug#605571: Bug#605571: libapache2-mod-php5: Please enable pcntl functions

sean finney seanius at debian.org
Wed Dec 8 20:37:25 UTC 2010


On Wed, Dec 08, 2010 at 08:28:31PM +0100, Raphael Hertzog wrote:
> So there are security concerns apparently... any specific security risk
> or just the fear of letting malicious people use those functions to run
> daemons where it was not intended?

i guess that'd be a bit problematic, but i'm sure an enteprising individual
could find a way to do the same thing via the standard system() calls.

the real problem as i see it is that having a working and direct path
to fork()/exec() opens up the possibility to read(/write?)[1] arbitrary
memory addresses in the apache processes, something that even an evil
developer trying to write malicious code should not be able to do.


[1] i have PoC code that can read "some interesting private things" from
    httpd's memory, but am not sure that anything useful can be done writing.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20101208/4757953e/attachment.pgp>

More information about the pkg-php-maint mailing list