List: apache-httpd-dev
Subject: Re: PID table changes (was Re: svn commit: r547987 - in /httpd/httpd/trunk)
From: Joe Orton <jorton () redhat ! com>
Date: 2007-06-22 16:23:53
Message-ID: 20070622162353.GA15396 () redhat ! com
Looking at this further:

I can't actually see any exploit path here at all in 2.0.x prefork:

PSNC folks; in your report, "PoC #3 SIGUSR1 killer #1 (Apache 2.x)"
concerns the "graceful shutdown" code, which is only present in 2.2.x,
not 2.0.x.

The ap_reclaim_child_processes() path changed in SVN can't be an attack
vector: all it does, by intent, is kill children of the parent. The
implementation guarantees that it will not kill any other process:
waitpid() fails with ESRCH if passed a non-child pid. reclaim_one_pid()
will only kill the pid if waitpid returns zero.

The only kill() call in 2.0 prefork.c itself is in reap_children(),
which is dead code.

joe
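
The waitpid()-before-kill() guard described in the message above, as an added example that is not part of the original message and not httpd source: `guarded_reclaim()` and `spawn_idle_child()` are hypothetical names, and the `pid <= 0` refusal is an extra check added for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum reclaim_result { RECLAIM_SIGNALLED, RECLAIM_ALREADY_EXITED, RECLAIM_NOT_OUR_CHILD };

/* Hypothetical helper (not httpd's reclaim_one_pid): signal pid only when
 * the kernel confirms it is a live child of the calling process. */
static enum reclaim_result guarded_reclaim(pid_t pid)
{
    int status;
    pid_t rc;

    /* pid <= 0 addresses whole groups in both waitpid() and kill(); refuse. */
    if (pid <= 0)
        return RECLAIM_NOT_OUR_CHILD;

    rc = waitpid(pid, &status, WNOHANG);
    if (rc == pid)
        return RECLAIM_ALREADY_EXITED;  /* child was a zombie, now reaped */
    if (rc < 0)
        return RECLAIM_NOT_OUR_CHILD;   /* waitpid() rejected it (POSIX: ECHILD) */

    /* rc == 0: our child and still running. It has not been reaped, so its
     * pid cannot have been recycled by the time kill() is called. */
    kill(pid, SIGTERM);
    waitpid(pid, &status, 0);           /* reap it after the signal */
    return RECLAIM_SIGNALLED;
}

/* Constructed test subject: a child that idles until it is signalled. */
static pid_t spawn_idle_child(void)
{
    pid_t pid = fork();
    if (pid == 0)
        for (;;) pause();
    return pid;
}

int main(void)
{
    pid_t child = spawn_idle_child();
    printf("live child -> %d\n", guarded_reclaim(child));     /* signalled */
    printf("same pid   -> %d\n", guarded_reclaim(child));     /* no longer ours */
    printf("non-child  -> %d\n", guarded_reclaim(getpid()));  /* never signalled */
    return 0;
}
```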