[CentOS] Strange Apache log entry
Gordon Messmer
yinyang at eburg.com
Sun Aug 29 17:13:40 UTC 2010
On 08/29/2010 05:51 AM, Stephen Harris wrote:
> There's nothing special about /proc/$$/environ. All the variables in there
> are already available to the process. eg
Yes, and the shell could even be made to do as you wanted if you could
convince a script to "source /proc/$$/environ". You don't see many web
services written in POSIX sh, though.
> Badly written CGI programs are badly written CGI programs no matter
> what language they're written in. The exact nature of the exploit may
> be different, but they all fall into a similar class - the programmer
> ****ed up.
Yes, that's true, but the original message in this thread saw an attempt
to load /proc/self/environ through a php script. You're getting pretty
far off topic, now.
More information about the CentOS
mailing list