search

mind04 / mod-ruid2

mod_ruid2 is a suexec module for apache which takes advantage of POSIX.1e capabilities to increase performance.
Apache License 2.0
57 stars 22 forks source link

exploitation #7

Closed Dmole closed 9 years ago

Dmole commented 10 years ago

Was this:

http://lists.err.no/pipermail/mpm-itk/2013-September/000680.html

addressed?

mind04 commented 9 years ago

The solution is simple, don't install mod_perl or mod_phyton (or any other language module which is able to modify process capabilities) If you need modules like this, mod_ruid2 is not the tool for you.

For the record, mod_php does not have the required powers to modify the capabilities ( if you disable dl() in php.ini ).