SecurityFocus

Hijacking Apache 2 via mod_perl Jan 21 2004 10:53PM
Steve Grubb (linux_4ever yahoo com) (2 replies)

Re: Hijacking Apache 2 via mod_perl Jan 22 2004 03:53PM
Ben Laurie (ben algroup co uk) (1 replies)

Re[2]: Hijacking Apache 2 via mod_perl Jan 22 2004 05:37PM
3APA3A (3APA3A SECURITY NNOV RU) (3 replies)

Re: Hijacking Apache 2 via mod_perl Jan 22 2004 06:39PM
Ben Laurie (ben algroup co uk)

Re: Re[2]: Hijacking Apache 2 via mod_perl Jan 22 2004 05:51PM
Steve G (linux_4ever yahoo com)

>At least, it's possible to store descriptors table and
>implement check for descriptor in every perl file/socket
>function inside mod_perl (and mod_php and mod_something) and
>only allow access to std descriptors and to descriptors open
>inside same script. The choice is between speed and security.

Right. To me, that sounds ideal. In these days of 3 GHz machines,
I don't mind a little extra checking if it makes things more
secure.

-Steve Grubb

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/

[ reply ]

Re: Hijacking Apache 2 via mod_perl Jan 22 2004 05:42PM
André Malo (nd perlig de) (1 replies)

Re: Hijacking Apache 2 via mod_perl Jan 22 2004 06:04PM
Steve G (linux_4ever yahoo com) (2 replies)

Re: Hijacking Apache 2 via mod_perl Jan 23 2004 09:39PM
Matthew Wakeling (mnw21-bugtraq jumpleads com)

Re: Hijacking Apache 2 via mod_perl Jan 23 2004 03:55AM
jon schatz (jon divisionbyzero com)

Re: Hijacking Apache 2 via mod_perl Jan 22 2004 10:20AM
lupe lupe-christoph de (Lupe Christoph)