<<< Date Index >>>     <<< Thread Index >>>

Re: Hijacking Apache 2 via mod_perl



Steve G wrote:

Then one just writes a perl extension in C. Who's responsible then?
But don't you need root to add extentions?

Who's responsible if you just write a C module which hijacks the
descriptors?
Again, you need an admin to update apache's config.

you need an admin to update the config file if you're trying to use the LoadModule directive. but if mod_perl's already running (and if .htaccess files aren't locked down enough), you can use the SetHandler to load up any (malicous) modules you might need. afaik, loading a module once in mod_perl will make it available to every child process. if i've been reading this thread right (and there's a good chance i haven't) then this would give EvilModule.pm access to the leaked fd's.

(i haven't tested this for httpd2/mod_perl2, but i know it holds true for httpd1.3.x/mod_perl, and the new docs don't indicate any changes).

-jon
--
jon@xxxxxxxxxxxxxxxxxx || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."