On Tue, Mar 18, 2003 at 09:56:04PM +0000, Bjoern A. Zeeb wrote:
> On Tue, 18 Mar 2003, Joe Orton wrote:
> > 2. otherwise: even when you set CLOEXEC, the arbitrary binary which
> > can be fork/exec from an untrusted PHP script can then just use
> > ptrace() to arrange for any httpd child to run arbitrary code anyway,
> > thereby gaining access to all the fds you went to so much effort to
> > avoid leaking.
>
> But if I call an ordinary CGI script (be it shell,perl,C, php as CGI...)
> I may run it through suexec and it will be run under a completely different
> unprivileged uid and gid. It will not be able to access httpd
> resources if my file, etc. permissions are set up correctly, ...
> Same will for sure almost be true for cgid/mod_cgi.

You're confusing two issues: the fd leaks to CGI scripts in recent
versions of httpd-2.0 are caused entirely by inappropriate calls to
apr_file_inherit_set in httpd. Adding CLOEXEC support to APR makes
absolutely no difference to that.

Regards,

joe
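
The descriptor inheritance discussed in the thread above, as an added example that is not part of the original message and is not httpd or APR code: a descriptor explicitly left inheritable reaches the exec'd program, while one marked close-on-exec does not. It uses plain POSIX `fcntl()` with `FD_CLOEXEC`; the function name `fd_survives_exec` is hypothetical, and `/bin/sh` and `/dev/null` are assumed to exist.

```c
/* Added illustration (not httpd or APR code): does a descriptor
 * survive fork+exec into another program? */
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the exec'd child still holds the descriptor, 0 if it was
 * closed at exec time, -1 on a setup error. */
int fd_survives_exec(int set_cloexec)
{
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0)
        return -1;
    if (fd > 9) {               /* portable sh redirections take one-digit fds */
        close(fd);
        return -1;
    }

    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) { close(fd); return -1; }
    flags = set_cloexec ? (flags | FD_CLOEXEC) : (flags & ~FD_CLOEXEC);
    if (fcntl(fd, F_SETFD, flags) < 0) { close(fd); return -1; }

    /* The child shell tries to duplicate the parent's fd onto stdout;
     * that fails with "Bad file descriptor" if exec closed it. */
    char cmd[64];
    snprintf(cmd, sizeof cmd, "( : >&%d ) 2>/dev/null", fd);

    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);             /* exec itself failed */
    }
    int status;
    pid_t w = waitpid(pid, &status, 0);
    close(fd);
    if (w < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("inheritable fd seen by child:   %d\n", fd_survives_exec(0));
    printf("close-on-exec fd seen by child: %d\n", fd_survives_exec(1));
    return 0;
}
```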
