29 Aug
2010
29 Aug
'10
7:13 p.m.
On 08/29/2010 05:51 AM, Stephen Harris wrote:
There's nothing special about /proc/$$/environ. All the variables in there are already available to the process. eg
Yes, and the shell could even be made to do as you wanted if you could convince a script to "source /proc/$$/environ". You don't see many web services written in POSIX sh, though.
Badly written CGI programs are badly written CGI programs no matter what language they're written in. The exact nature of the exploit may be different, but they all fall into a similar class - the programmer ****ed up.
Yes, that's true, but the original message in this thread saw an attempt to load /proc/self/environ through a php script. You're getting pretty far off topic, now.