Differences between version 2 and previous revision of CyberLeo/Bugs/ApacheSudo.
Other diffs: Previous Major Revision, Previous Author
| Newer page: | version 2 | Last edited on Monday, 1 November 2010 5:02:51 | by CyberLeo | Revert |
| Older page: | version 1 | Last edited on Monday, 1 November 2010 4:56:35 | by CyberLeo | Revert |
@@ -1,55 +1,57 @@
FreeBSD paka.cyberleo.net 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #1: Fri Jul 31 07:52:14 EDT 2009 cyberleo@paka.cyberleo.net:/usr/obj/usr/srcs/RELENG_7_2/src/sys/PAKA amd64
Relevant packages:
-*
apache-worker-2.2.16_1 Version 2.2.x of Apache web server with worker MPM.
-*
php52-5.2.13_3 PHP Scripting Language
-*
php52-bcmath-5.2.13_3 The bcmath shared extension for php
-*
php52-bz2-5.2.13_3 The bz2 shared extension for php
-*
php52-calendar-5.2.13_3 The calendar shared extension for php
-*
php52-ctype-5.2.13_3 The ctype shared extension for php
-*
php52-curl-5.2.13_3 The curl shared extension for php
-*
php52-dom-5.2.13_3 The dom shared extension for php
-*
php52-extensions-1.3 A "meta-port" to install PHP extensions
-*
php52-filter-5.2.13_3 The filter shared extension for php
-*
php52-ftp-5.2.13_3 The ftp shared extension for php
-*
php52-gd-5.2.13_3 The gd shared extension for php
-*
php52-gettext-5.2.13_3 The gettext shared extension for php
-*
php52-gmp-5.2.13_3 The gmp shared extension for php
-*
php52-hash-5.2.13_3 The hash shared extension for php
-*
php52-iconv-5.2.13_3 The iconv shared extension for php
-*
php52-json-5.2.13_3 The json shared extension for php
-*
php52-mbstring-5.2.13_3 The mbstring shared extension for php
-*
php52-mcrypt-5.2.13_3 The mcrypt shared extension for php
-*
php52-mhash-5.2.13_3 The mhash shared extension for php
-*
php52-mysql-5.2.13_3 The mysql shared extension for php
-*
php52-mysqli-5.2.13_3 The mysqli shared extension for php
-*
php52-openssl-5.2.13_3 The openssl shared extension for php
-*
php52-pcntl-5.2.13_3 The pcntl shared extension for php
-*
php52-pcre-5.2.13_3 The pcre shared extension for php
-*
php52-pdo-5.2.13_3 The pdo shared extension for php
-*
php52-pdo_sqlite-5.2.13_3 The pdo_sqlite shared extension for php
-*
php52-posix-5.2.13_3 The posix shared extension for php
-*
php52-readline-5.2.13_3 The readline shared extension for php
-*
php52-recode-5.2.13_3 The recode shared extension for php
-*
php52-session-5.2.13_3 The session shared extension for php
-*
php52-shmop-5.2.13_3 The shmop shared extension for php
-*
php52-simplexml-5.2.13_3 The simplexml shared extension for php
-*
php52-sockets-5.2.13_3 The sockets shared extension for php
-*
php52-spl-5.2.13_3 The spl shared extension for php
-*
php52-sqlite-5.2.13_3 The sqlite shared extension for php
-*
php52-sysvmsg-5.2.13_3 The sysvmsg shared extension for php
-*
php52-sysvsem-5.2.13_3 The sysvsem shared extension for php
-*
php52-sysvshm-5.2.13_3 The sysvshm shared extension for php
-*
php52-tokenizer-5.2.13_3 The tokenizer shared extension for php
-*
php52-xml-5.2.13_3 The xml shared extension for php
-*
php52-xmlreader-5.2.13_3 The xmlreader shared extension for php
-*
php52-xmlrpc-5.2.13_3 The xmlrpc shared extension for php
-*
php52-xmlwriter-5.2.13_3 The xmlwriter shared extension for php
-*
php52-xsl-5.2.13_3 The xsl shared extension for php
-*
php52-zip-5.2.13_3 The zip shared extension for php
-*
php52-zlib-5.2.13_3 The zlib shared extension for php
-*
sudo-1.7.4.4
Allow others to run commands as root
+<code brush="plain">
+
apache-worker-2.2.16_1 Version 2.2.x of Apache web server with worker MPM.
+php52-5.2.13_3 PHP Scripting Language
+php52-bcmath-5.2.13_3 The bcmath shared extension for php
+php52-bz2-5.2.13_3 The bz2 shared extension for php
+php52-calendar-5.2.13_3 The calendar shared extension for php
+php52-ctype-5.2.13_3 The ctype shared extension for php
+php52-curl-5.2.13_3 The curl shared extension for php
+php52-dom-5.2.13_3 The dom shared extension for php
+php52-extensions-1.3 A "meta-port" to install PHP extensions
+php52-filter-5.2.13_3 The filter shared extension for php
+php52-ftp-5.2.13_3 The ftp shared extension for php
+php52-gd-5.2.13_3 The gd shared extension for php
+php52-gettext-5.2.13_3 The gettext shared extension for php
+php52-gmp-5.2.13_3 The gmp shared extension for php
+php52-hash-5.2.13_3 The hash shared extension for php
+php52-iconv-5.2.13_3 The iconv shared extension for php
+php52-json-5.2.13_3 The json shared extension for php
+php52-mbstring-5.2.13_3 The mbstring shared extension for php
+php52-mcrypt-5.2.13_3 The mcrypt shared extension for php
+php52-mhash-5.2.13_3 The mhash shared extension for php
+php52-mysql-5.2.13_3 The mysql shared extension for php
+php52-mysqli-5.2.13_3 The mysqli shared extension for php
+php52-openssl-5.2.13_3 The openssl shared extension for php
+php52-pcntl-5.2.13_3 The pcntl shared extension for php
+php52-pcre-5.2.13_3 The pcre shared extension for php
+php52-pdo-5.2.13_3 The pdo shared extension for php
+php52-pdo_sqlite-5.2.13_3 The pdo_sqlite shared extension for php
+php52-posix-5.2.13_3 The posix shared extension for php
+php52-readline-5.2.13_3 The readline shared extension for php
+php52-recode-5.2.13_3 The recode shared extension for php
+php52-session-5.2.13_3 The session shared extension for php
+php52-shmop-5.2.13_3 The shmop shared extension for php
+php52-simplexml-5.2.13_3 The simplexml shared extension for php
+php52-sockets-5.2.13_3 The sockets shared extension for php
+php52-spl-5.2.13_3 The spl shared extension for php
+php52-sqlite-5.2.13_3 The sqlite shared extension for php
+php52-sysvmsg-5.2.13_3 The sysvmsg shared extension for php
+php52-sysvsem-5.2.13_3 The sysvsem shared extension for php
+php52-sysvshm-5.2.13_3 The sysvshm shared extension for php
+php52-tokenizer-5.2.13_3 The tokenizer shared extension for php
+php52-xml-5.2.13_3 The xml shared extension for php
+php52-xmlreader-5.2.13_3 The xmlreader shared extension for php
+php52-xmlrpc-5.2.13_3 The xmlrpc shared extension for php
+php52-xmlwriter-5.2.13_3 The xmlwriter shared extension for php
+php52-xsl-5.2.13_3 The xsl shared extension for php
+php52-zip-5.2.13_3 The zip shared extension for php
+php52-zlib-5.2.13_3 The zlib shared extension for php
+sudo-1.7.4.4
Allow others to run commands as root
+</code>
Sudoers:
<code brush="plain">
www ALL=(root) NOPASSWD: /bin/ls
version 2
FreeBSD paka.cyberleo.net 7.2-RELEASE-p3 FreeBSD 7.2-RELEASE-p3 #1: Fri Jul 31 07:52:14 EDT 2009 cyberleo@paka.cyberleo.net:/usr/obj/usr/srcs/RELENG_7_2/src/sys/PAKA amd64
Relevant packages:
apache-worker-2.2.16_1 Version 2.2.x of Apache web server with worker MPM. php52-5.2.13_3 PHP Scripting Language php52-bcmath-5.2.13_3 The bcmath shared extension for php php52-bz2-5.2.13_3 The bz2 shared extension for php php52-calendar-5.2.13_3 The calendar shared extension for php php52-ctype-5.2.13_3 The ctype shared extension for php php52-curl-5.2.13_3 The curl shared extension for php php52-dom-5.2.13_3 The dom shared extension for php php52-extensions-1.3 A "meta-port" to install PHP extensions php52-filter-5.2.13_3 The filter shared extension for php php52-ftp-5.2.13_3 The ftp shared extension for php php52-gd-5.2.13_3 The gd shared extension for php php52-gettext-5.2.13_3 The gettext shared extension for php php52-gmp-5.2.13_3 The gmp shared extension for php php52-hash-5.2.13_3 The hash shared extension for php php52-iconv-5.2.13_3 The iconv shared extension for php php52-json-5.2.13_3 The json shared extension for php php52-mbstring-5.2.13_3 The mbstring shared extension for php php52-mcrypt-5.2.13_3 The mcrypt shared extension for php php52-mhash-5.2.13_3 The mhash shared extension for php php52-mysql-5.2.13_3 The mysql shared extension for php php52-mysqli-5.2.13_3 The mysqli shared extension for php php52-openssl-5.2.13_3 The openssl shared extension for php php52-pcntl-5.2.13_3 The pcntl shared extension for php php52-pcre-5.2.13_3 The pcre shared extension for php php52-pdo-5.2.13_3 The pdo shared extension for php php52-pdo_sqlite-5.2.13_3 The pdo_sqlite shared extension for php php52-posix-5.2.13_3 The posix shared extension for php php52-readline-5.2.13_3 The readline shared extension for php php52-recode-5.2.13_3 The recode shared extension for php php52-session-5.2.13_3 The session shared extension for php php52-shmop-5.2.13_3 The shmop shared extension for php php52-simplexml-5.2.13_3 The simplexml shared extension for php php52-sockets-5.2.13_3 The sockets shared extension for php php52-spl-5.2.13_3 The spl shared extension for php php52-sqlite-5.2.13_3 The sqlite shared extension for php php52-sysvmsg-5.2.13_3 The sysvmsg shared extension for php php52-sysvsem-5.2.13_3 The sysvsem shared extension for php php52-sysvshm-5.2.13_3 The sysvshm shared extension for php php52-tokenizer-5.2.13_3 The tokenizer shared extension for php php52-xml-5.2.13_3 The xml shared extension for php php52-xmlreader-5.2.13_3 The xmlreader shared extension for php php52-xmlrpc-5.2.13_3 The xmlrpc shared extension for php php52-xmlwriter-5.2.13_3 The xmlwriter shared extension for php php52-xsl-5.2.13_3 The xsl shared extension for php php52-zip-5.2.13_3 The zip shared extension for php php52-zlib-5.2.13_3 The zlib shared extension for php sudo-1.7.4.4 Allow others to run commands as root
Sudoers:
www ALL=(root) NOPASSWD: /bin/ls
Script: sudo.php
<pre><?php echo `/usr/local/bin/sudo /bin/ls 2>&1`; ?>
Sequence:
- Set up apache22
- Patch sudoers to allow www (apache user) to run sudo without a password
- Drop the reproduction script in the webdir
- Visit it using a web browser
Expected behaviour:
- Browser should contain the output of ls in the directory containing the script:
sudo.php
Actual behaviour:
- Browser spins waiting for the server to respond
- PHP waits for backticks subprocess to complete
- Something similar to this is seen in ps:
# ps axopid,ppid,user,state,command 5001 793 www I /bin/sh -c /usr/local/bin/sudo /bin/ls 2>&1 5002 5001 root I /usr/local/bin/sudo /bin/ls 5003 5002 root Z <defunct>
- The zombie process is 'ls' after it has finished, which is never reaped by sudo
- If you kill -9 sudo, everything continues normally, and the browser contains the proper output (with 'Killed' added to the end since sudo was killed)
- Downgrading to sudo-1.7.2.7 eliminates this aberrant behavour.