Re: Strange Apache log entry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 08/29/2010 05:51 AM, Stephen Harris wrote:
> There's nothing special about /proc/$$/environ.  All the variables in there
> are already available to the process.  eg

Yes, and the shell could even be made to do as you wanted if you could 
convince a script to "source /proc/$$/environ".  You don't see many web 
services written in POSIX sh, though.

> Badly written CGI programs are badly written CGI programs no matter
> what language they're written in.  The exact nature of the exploit may
> be different, but they all fall into a similar class - the programmer
> ****ed up.

Yes, that's true, but the original message in this thread saw an attempt 
to load /proc/self/environ through a php script.  You're getting pretty 
far off topic, now.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux