[ale] kernel funness?
Jonathan Rickman
jonathan at xcorps.net
Tue Sep 2 18:11:00 EDT 2003
On Tuesday 02 September 2003 18:01, Pete Hardie wrote:
> tiny embedded system - like the webserver the size of a matchhead (looked
> like a transistor) from several years ago. Kernel space means it can't
> be messed with, right?

Technically speaking, I suppose that is true...and I'm sure this code has
been audited carefully. But the thing that concerns me is the common use of
this module in conjunction with a userland web server. I'm not totally
clear on how all the plumbing works, but it basically goes something like
this:

Scenario 1 - khttpd as primary, Apache as secondary. khttpd serves all
static content and passes requests for dynamic content off to Apache. My
question is, does the dynamically generated content then get passed back to
khttpd, and what are the implications of this?

Scenario 2 - Apache as primary, khttpd as secondary. Vice-versa. What would
the impact of a vulnerable version of Apache sending requests (possibly
evil) to the khttpd module? What level of access does the Apache process
have?

I'm not a kernel hacker, and therefore cannot make a cohesive argument to
support my gut feeling. But my gut tells me this is not a great idea. I'd
love to hear Bob's opinion on this, as he is much more qualified in this
area than I.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net