Reply to post: Usual???

A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole

Nick Kew


Fol says that the vulnerability is triggered when the host server performs its daily restart routine, usually at 0625.

A startling claim. I don't think a daily restart routine is *that* usual: the default log rotation is weekly! I expect he was describing how he runs his server, and the reporter thought he meant standard practice. The point about the restart is that the vulnerability happens when both old and new processes are running, in the overlap that serves to provide continuity of service for users connecting to the server.

The reporter rightly points out that this relies on running in-process code. Not external code such as CGI or PHP-FPM. Permitting untrusted users to run in-process code is scary on many levels, though not unknown: Fol's demo exploit runs under mod_php, which I don't think anyone recommends nowadays in the era of PHP-FPM.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon