[ale] kernel funness?

Jonathan Rickman jonathan at xcorps.net
Tue Sep 2 18:11:00 EDT 2003


On Tuesday 02 September 2003 18:01, Pete Hardie wrote:

> tiny embedded system - like the webserver the size of a matchhead (looked
> like a transistor) from several years ago.  Kernel space means it can't
> be messed with, right?

Technically speaking, I suppose that is true...and I'm sure this code has 
been audited carefully. But the thing that concerns me is the common use of 
this module in conjunction with a userland web server. I'm not totally 
clear on how all the plumbing works, but it basically goes something like 
this:

Scenario 1 - khttpd as primary, Apache as secondary. khttpd serves all 
static content and passes requests for dynamic content off to Apache. My 
question is, does the dynamically generated content then get passed back to 
khttpd, and what are the implications of this?

Scenario 2 - Apache as primary, khttpd as secondary. Vice-versa. What would 
the impact of a vulnerable version of Apache sending requests (possibly 
evil) to the khttpd module? What level of access does the Apache process 
have?

I'm not a kernel hacker, and therefore cannot make a cohesive argument to 
support my gut feeling. But my gut tells me this is not a great idea. I'd 
love to hear Bob's opinion on this, as he is much more qualified in this 
area than I.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale




