Re: suenv

To: <christos%astron.com@localhost>
Subject: Re: suenv
From: <Paul_Koning%Dell.com@localhost>
Date: Tue, 23 Oct 2012 19:07:30 +0000

On Oct 23, 2012, at 2:56 PM, Christos Zoulas wrote:

> In article 
> <C75A84166056C94F84D238A44AF9F6AD277C2B%AUSX10MPC103.AMER.DELL.COM@localhost>,
> <Paul_Koning%Dell.com@localhost> wrote:
> 
>> But apache is security critical, isn't it?  And it certainly is
>> threaded.  Or are you applying the term "security critical" only to a
>> smaller set of components?  
> 
> Yes, but apache is designed to be threaded. login, su, and other
> pam users not necessarily. Typically programs "know" the closure
> of shared libraries that they can potentially use, and PAM breaks
> that model. The threaded/non-threaded case is a particularly nasty
> example, where a program might assume that it can use static storage
> and non-threaded interfaces (res_foo() instead of res_nfoo(),
> getdbfoo() instead of getdbfoo_r()) and then suddenly it finds
> itself in a threaded environment and potential heisen bugs. In the
> apache case these may effect only the apache user and whatever
> access it has, but login/su and other PAM users cases this leads
> to a complete system compromise.
> 
> christos
> 

That makes sense, thanks.

        paul

References:
- Re: suenv
  - From: Thor Lancelot Simon
- Re: suenv
  - From: Eric Haszlakiewicz
- Re: suenv
  - From: Mouse
- Re: suenv
  - From: Paul_Koning
- Re: suenv
  - From: Christos Zoulas

Prev by Date: Re: NetBSD 6.0/amd64 panic: ciss: dead (DL ProLiant 360P)
Next by Date: Re: Panic at init on arm (Seagate Dockstar) with -current
Previous by Thread: Re: suenv
Next by Thread: Re: suenv
Indexes:

Home | Main Index | Thread Index | Old Index