in reply to Re^3: how would you detect a math expression
in thread how would you detect a math expression
Even with the double fork and chroot there're still a lot of potential security holes which are open, for example consider the following two fairly common attacks for a couple off the top of my head:
- Denial of service attacks: Make the machine talk to itself a lot.. use LWP::Simple; while (1) { get("http://localhost/something_intensive.cgi")} (bonus points for calling the the calculator again with the same effect), fork bombing with while (1) { fork }, or getting a list of the current user's active processes and kill -9'ing them.
- Mailing back details from your machine to the aggressor to get information for other attacks: Grab the script, grab the config files listed in the script, connect to the database with credentials from config file, delete all data or subtly corrupt it as you see fit. If this application has no config file there're probably other web apps on the machine who's config file you can get.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^5: how would you detect a math expression
by shmem (Chancellor) on Feb 19, 2007 at 16:27 UTC |
In Section
Seekers of Perl Wisdom