Gordon Messmer wrote:
On 08/29/2010 05:51 AM, Stephen Harris wrote:
There's nothing special about /proc/$$/environ. All the variables in there are already available to the process. eg
Yes, and the shell could even be made to do as you wanted if you could convince a script to "source /proc/$$/environ". You don't see many web services written in POSIX sh, though.
Badly written CGI programs are badly written CGI programs no matter what language they're written in. The exact nature of the exploit may be different, but they all fall into a similar class - the programmer ****ed up.
Yes, that's true, but the original message in this thread saw an attempt to load /proc/self/environ through a php script. You're getting pretty far off topic, now.
I think running Apache in a chroot environment might be one of the most effective protections. I used to do that in the past, but I found it too much work to maintain. Now there are things like mod_chroot and perhaps other tools, but I have no experience with them and don't know if they make it easier.
Nataraj
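
An added example, not part of the thread or written by any of its participants: a small scanner that finds requests like the one the thread started with (a script parameter pointing at /proc/self/environ or /proc/<pid>/environ) in Apache access-log lines, including percent-encoded forms. The log lines, addresses, script names and the `page` parameter are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in combined log format; not taken from the thread.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Aug/2010:05:40:01 -0700] "GET /index.php?page=/proc/self/environ HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [29/Aug/2010:05:40:03 -0700] "GET /index.php?page=%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [29/Aug/2010:05:40:05 -0700] "GET /index.php?page=%252Fproc%252F1234%252Fenviron HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.7 - - [29/Aug/2010:05:41:00 -0700] "GET /docs.php?page=environment HTTP/1.1" 200 2048 "-" "-"',
]

# Client address, request target and response status from one log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# /proc/self/environ or the per-PID form /proc/<pid>/environ.
PROC_ENVIRON = re.compile(r'/proc/(?:self|\d+)/environ')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, bounded so hostile input cannot loop."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_environ_requests(lines):
    """Return (client, parameter, status) for each request whose query
    string references a /proc/.../environ path after decoding."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.groups()
        # parse_qsl decodes once; fully_decode handles double encoding.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if PROC_ENVIRON.search(fully_decode(value)):
                hits.append((client, name, int(status)))
                break
    return hits


if __name__ == "__main__":
    for client, param, status in find_environ_requests(SAMPLE_LOG):
        print(f"{client} param={param} status={status}")
```

A hit with status 200 is the one to follow up first, since the script may have returned the file's contents rather than an error.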