[ale] kernel funness?
Chris Ricker
kaboom at gatech.edu
Tue Sep 2 23:53:52 EDT 2003
On Tue, 2 Sep 2003, Jonathan Rickman wrote:
> On Tuesday 02 September 2003 18:01, Pete Hardie wrote:
>
> > tiny embedded system - like the webserver the size of a matchhead (looked
> > like a transistor) from several years ago. Kernel space means it can't
> > be messed with, right?
>
> Technically speaking, I suppose that is true...and I'm sure this code has
> been audited carefully. But the thing that concerns me is the common use of
> this module in conjunction with a userland web server. I'm not totally
> clear on how all the plumbing works, but it basically goes something like
> this:
>
> Scenario 1 - khttpd as primary, Apache as secondary. khttpd serves all
> static content and passes requests for dynamic content off to Apache. My
> question is, does the dynamically generated content then get passed back to
> khttpd, and what are the implications of this?
>
> Scenario 2 - Apache as primary, khttpd as secondary. Vice-versa. What would
> the impact of a vulnerable version of Apache sending requests (possibly
> evil) to the khttpd module? What level of access does the Apache process
> have?
>
> I'm not a kernel hacker, and therefore cannot make a cohesive argument to
> support my gut feeling. But my gut tells me this is not a great idea. I'd
> love to hear Bob's opinion on this, as he is much more qualified in this
> area than I.

1 is mainly what's done AFAIK, or at least I've never seen 2 done in
production (though it certainly can be configured that way, and I don't
work with the porn industry, which would be the ideal model for uses of 2
as far as I can tell ;-)

At any rate, the content doesn't go from the dynamic back to the static.
What happens in 1 is that the static kernel server is bound to port 80, and
the dynamic kernel server to some other port (say, 8000). Any requests the
static port-80 server can't handle are redirected to the port-8000 server.

As for the security implications, I'd be more worried about the PHP /
servlets / CGIs / whatever other madness you're using on that dynamic
server....

later,
chris