hi guys, sorry to butt in here, but thought i'd have something to add/ask:
On Mon, 2007-05-21 at 15:49 -0500, Richard Lynch wrote:
>
> If I'm understanding this correctly, (and that's definitely debatable)
> there seems to be an awfully large "hole" there of being able to poke
> random bits of RAM.
<snip>
> So, really, if a Bad Guy has access to poke random values into your
> RAM, is PHP even relevant to this hack?...
i've heard (though not confirmed myself) that if php is running as a
loadable apache module it is possible to use such a local attack
vector to read from the apache parent's memory, and extract tasty
morcels such as unencrypted SSL keys. obviously this would have an
impact on the severity of otherwise mundane local exploits.
is that FUD, or... ?
sean
signature.asc
Description: This is a digitally signed message part
