Fwd: Re: evil scripts kill the server...
Oops, forgot to reply to list. To: Eric Cholet [EMAIL PROTECTED] Subject: Re: evil scripts kill the server... From: Ilya Martynov [EMAIL PROTECTED] On Thu, 17 Oct 2002 14:09:17 +0200, Eric Cholet [EMAIL PROTECTED] said: EC Yes, please explain how careless programming practice can make root EC access available to the world. Apache by default runs under the EC unpriviliged user 'nobody', seems to me that giving root access to EC the world would require running Apache as root, not something which EC can be achieved only by careless programming. Am I missing something? Often Apache is started as root initially (to let it bind low number ports like 80) and later switches to other UID to serve client requests. One implication of this scheme is that when Perl modules are preloaded during Apache startup Apache runs as root. So some programming errors in code which is preloaded combined with such setup actually may lead to root exploit. Though it should be hard to exploit as normally client requests don't affect startup stage and thus cannot interact potentially insecure code. -- Ilya Martynov, [EMAIL PROTECTED] CTO IPonWEB (UK) Ltd Quality Perl Programming and Unix Support UK managed @ offshore prices - http://www.iponweb.net Personal website - http://martynov.org
Re: evil scripts kill the server...
--On Wednesday, October 16, 2002 19:48:33 +0100 Ged Haywood [EMAIL PROTECTED] wrote: Hi there, On Wed, 16 Oct 2002, Joerg Plate wrote: Is it true that you can kill the whole server, not just the script if you do something wrong with mod_perl? Yes, I'm afraid it is. How? For example by swallowing all the memory, by consuming all the CPU, and of course by making root access available to the world through careless programming practice... Need I continue? Yes, please explain how careless programming practice can make root access available to the world. Apache by default runs under the unpriviliged user 'nobody', seems to me that giving root access to the world would require running Apache as root, not something which can be achieved only by careless programming. Am I missing something? -- Eric Cholet
evil scripts kill the server...
Moin, moin although it never happened to me i have to fight some rumours. Is it true that you can kill the whole server, not just the script if you do something wrong with mod_perl? (I doubt it) -- I'm working on it. http://Patterner.de
Re: evil scripts kill the server...
Hi Joerg, At 18:06 16.10.2002, Joerg Plate wrote: although it never happened to me i have to fight some rumours. Is it true that you can kill the whole server, not just the script if you do something wrong with mod_perl? (I doubt it) It depends on what wrong thing you do. mod_perl gives a great deal of freedom, and with freedom comes responsibility. Things like using a lot of memory and the fact that mod_perl scripts/modules can access each others namespaces can make for some problems. You probably want to look at : http://perl.apache.org/docs/general/multiuser/multiuser.html But just throwing an error (because of some unexpected condition, for example), won't kill the whole server. -- Per Einar Ellefsen [EMAIL PROTECTED]
Re: evil scripts kill the server...
although it never happened to me i have to fight some rumours. Is it true that you can kill the whole server, not just the script if you do something wrong with mod_perl? (I doubt it) It depends on what wrong thing you do. In fact the worse you can do is to kill one of the mod_perl processes, not the whole server (which is multiprocess) - at least not under Unix. A new server will be spawned automatically and the clients will only notice some slowdown (and maybe the document contains no data message, if the server died too early). -- Dominique QUATRAVAUX Ingénieur développeur senior 01 44 42 00 35 IDEALX
Re: evil scripts kill the server...
Hi there, On Wed, 16 Oct 2002, Joerg Plate wrote: although it never happened to me i have to fight some rumours. Is it true that you can kill the whole server, not just the script if you do something wrong with mod_perl? (I doubt it) Yes, I'm afraid it is. 73, Ged.
Re: evil scripts kill the server...
Is it true that you can kill the whole server, not just the script if you do something wrong with mod_perl? Yes, I'm afraid it is. How? -- I'm working on it. http://Patterner.de
Re: evil scripts kill the server...
Hi there, On Wed, 16 Oct 2002, Joerg Plate wrote: Is it true that you can kill the whole server, not just the script if you do something wrong with mod_perl? Yes, I'm afraid it is. How? For example by swallowing all the memory, by consuming all the CPU, and of course by making root access available to the world through careless programming practice... Need I continue? 73, Ged.
RE: evil scripts kill the server...
-Original Message- From: Ged Haywood [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 16, 2002 1:49 PM To: Joerg Plate Cc: [EMAIL PROTECTED] Subject: Re: evil scripts kill the server... Hi there, On Wed, 16 Oct 2002, Joerg Plate wrote: Is it true that you can kill the whole server, not just the script if you do something wrong with mod_perl? Yes, I'm afraid it is. How? For example by swallowing all the memory, by consuming all the CPU, and of course by making root access available to the world through careless programming practice... Need I continue? Yes you should. You are making it sound like these problem are unique to mod_perl when they are not. While you allude to the real causes of many server problems - careless programming practice - you leave it open like mod_perl somehow intrinsically fosters careless programming or that even worse it is inherently not secure. Like any web server, a poorly configured and poorly programmed mod_perl enable server is prone to failure. Of course some could say that a poorly configed/programmed mod_perl/apache server is better than a well configed/programmed server of another brand. The original poster should know that any server can fail under to proper circumstances and that while technically the rumors are true (and are they really rumors? I don't think there is some hidden agenda in the mod_perl/apache community to hide server security issues) it is also just as true that a problem in a mod_perl script is not going to cause the server to fail completely. And all of that is true with any brand server. That is why you should have a development server to work on new code on, a QC server to test newly released code and a production server (or servers) for code you have tested and a sure is ready for prime-time. And again, that is not true only for mod_perl/apache, but is true for all webservers regardless of brandname.
RE: evil scripts kill the server...
Hi there, On Wed, 16 Oct 2002, Joe Breeden wrote: You are making it sound like these problem are unique to mod_perl when they are not. I didn't think I was doing that. I didn't mean to. I have no axe to grind here, and I use mod_perl a great deal. It has never let me down (although I have:). The original poster should know that any server can fail Yes, he should. I think he probably does. And I think we should kill this thread. 73, Ged.