[CentOS] Strange Apache log entry

Gordon Messmer yinyang at eburg.com
Sun Aug 29 17:13:40 UTC 2010


On 08/29/2010 05:51 AM, Stephen Harris wrote:
> There's nothing special about /proc/$$/environ.  All the variables in there
> are already available to the process.  eg

Yes, and the shell could even be made to do as you wanted if you could 
convince a script to "source /proc/$$/environ".  You don't see many web 
services written in POSIX sh, though.

> Badly written CGI programs are badly written CGI programs no matter
> what language they're written in.  The exact nature of the exploit may
> be different, but they all fall into a similar class - the programmer
> ****ed up.

Yes, that's true, but the original message in this thread saw an attempt 
to load /proc/self/environ through a php script.  You're getting pretty 
far off topic, now.



More information about the CentOS mailing list