Then one just writes a perl extension in C. Who's responsible then?But don't you need root to add extentions?
Who's responsible if you just write a C module which hijacks theAgain, you need an admin to update apache's config.
descriptors?
you need an admin to update the config file if you're trying to use the LoadModule directive. but if mod_perl's already running (and if .htaccess files aren't locked down enough), you can use the SetHandler to load up any (malicous) modules you might need. afaik, loading a module once in mod_perl will make it available to every child process. if i've been reading this thread right (and there's a good chance i haven't) then this would give EvilModule.pm access to the leaked fd's.
(i haven't tested this for httpd2/mod_perl2, but i know it holds true for httpd1.3.x/mod_perl, and the new docs don't indicate any changes).
-jon -- jon@divisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus? www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
