| To: | "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: Simple script to Monitor LVS via Web |
| From: | Jeremy Kerr <jk@xxxxxxxxxx> |
| Date: | Wed, 12 Oct 2005 23:53:58 +1000 |

Luca,

> <? $cmd="sudo /sbin/ipvsadm -L ". $dns_flag; passthru($cmd); ?>

Whoa. If you use this script with register_globals set (and assuming you've set it up so that the sudo works), you've got a remote *root* vulnerability right there.

e.g.: http://example.com/script.php?resolve_dns=1&dnsflag=;rm+-rf+/

You may want to ensure your variables are clean beforehand, and avoid the sudo completely (maybe use a helper process?)

Jeremy
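
One way to follow both suggestions in the message above (clean input, no sudo from the web script), as an added example that is not code from the thread: it assumes a root-owned helper such as a cron job writes `ipvsadm` output to two snapshot files, and the web script only chooses between those fixed paths. The directory, file names, `MAX_AGE` and function names are hypothetical.

```php
<?php
// Added example. Assumption: a root-owned helper (for instance a cron job)
// refreshes these snapshots, so the web server user needs no sudo, no shell:
//   /sbin/ipvsadm -L    > /var/run/lvs-status/resolved.txt
//   /sbin/ipvsadm -L -n > /var/run/lvs-status/numeric.txt
// Paths and MAX_AGE below are hypothetical.
const SNAPSHOT_RESOLVED = '/var/run/lvs-status/resolved.txt';
const SNAPSHOT_NUMERIC  = '/var/run/lvs-status/numeric.txt';
const MAX_AGE = 120; // seconds before a snapshot is treated as stale

// Map the request to one of two fixed paths. No request data ever becomes
// part of a path or a command line.
function lvs_snapshot_path(array $query): string
{
    // Read the parameter explicitly instead of relying on register_globals.
    // Only the exact string "1" selects the DNS-resolved listing; a missing
    // value, an array, or "1;anything" falls back to the numeric listing.
    $resolve = isset($query['resolve_dns']) && $query['resolve_dns'] === '1';
    return $resolve ? SNAPSHOT_RESOLVED : SNAPSHOT_NUMERIC;
}

// Return the snapshot as HTML, or a notice if the helper has stopped updating.
function lvs_render(array $query): string
{
    $path  = lvs_snapshot_path($query);
    $mtime = @filemtime($path);
    if ($mtime === false || time() - $mtime > MAX_AGE) {
        return '<p>LVS status unavailable (snapshot missing or stale).</p>';
    }
    $text = @file_get_contents($path);
    if ($text === false) {
        return '<p>LVS status unavailable (snapshot unreadable).</p>';
    }
    // With DNS resolution on, host names come from reverse lookups, so the
    // output is escaped before it reaches the browser.
    return '<pre>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</pre>';
}

echo lvs_render($_GET);
```

If the helper writes each snapshot to a temporary file and renames it into place, the web script never reads a half-written listing.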