[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <hjk3fy.pt7d99@d101.x-mailer.de>
From: a.gietl at e-admin.de (Andreas Gietl)
Subject: PHP dlopen() -> Fun with apache (and other
Stefan Esser <s.esser@...atters.de> wrote:
> Hello,
>
> well you describe nothing more than the documented functionality
> of the dlopen() call.
Yes of course. But this advisory should sharpen admins-mind to the threats the
dl()-function confronts us with. Administrators migth think that these newly
loaded modules are "contained" or otherwise protected.
> You can also have a lot of fun with loading
> linux kernel modules if your admin allows users to load kernel moduels.
> And stealing SSL private key from apache memory is not really a
> challenge... You only need to search for some signature in memory
> and "steal" the next few byte behind it.
>
> Stefan Esser
Powered by blists - more mailing lists