| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3DCA4263.1020701@guninski.com> From: guninski at guninski.com (Georgi Guninski) Subject: Fun with mod_php/Apache 1.3, yet Apache much better than II$ Stefan Esser wrote: > On Wed, Nov 06, 2002 at 08:15:48PM +0200, Georgi Guninski wrote: > > >>I. Apache and php were notified on Tue, 15 Oct 2002 18:16:40 +0300 >>The Apache guys seem to prepare a fix. The php guys replied this is known >>for ages but did not provide reference for the claims. > > > It is known for ages because it is a UNIX design decision to inherit > file descriptors on exec. Thats why most derivates support a CLOSE ON > EXEC flag. I told you several times that I used the fd leakage in my > e-matters PHP exploits to clean the apache log files for demonstration. > This code belongs to e-matters and cannot made public... I got only one message which said that closing on exec can cause problems. And I did not got any reply to the question: "So please someone officially reply - "FIX - when" or "NOT FIX" from Date: Mon, 21 Oct 2002 16:36:53 +0300 Georgi
Powered by blists - more mailing lists