Posted to users@httpd.apache.org by it Force <it...@rediffmail.com> on 2002/04/27 11:40:51 UTC

httpd's 1st process? security issues ?

the user/group specifications usually are
User Apache
Group Apache

the documentation also states that the first process that
starts is the root process and then spawns the httpd
processes.
does this mean that this could be a security threat since
the 1st process is the root process?

and what are the chances that an intruder might break in
through the first process, i.e. while the root process is
running?



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: httpd's 1st process? security issues ?

Posted by Joshua Slive <jo...@slive.ca>.
On 27 Apr 2002, it Force wrote:

> the user/group specifications usually are
> User Apache
> Group Apache
>
> the documentation also states that the first process that
> starts is the root process and then spawns the httpd
> processes.
> does this mean that this could be a security threat since
> the 1st process is the root process?
>
> and what are the chances that an intruder might break in
> through the first process, i.e. while the root process is
> running?
>

The risk is quite low because the requests are all handled by the
low-privileged processes.  The only thing the root process does is take
care of launching child processes when necessary, and these child
processes handle the requests.  No request is ever handled by the root
process.  (It also handles a few other tasks that could be security
sensitive, like launching piped log processes, so there is some small
chance of a misconfiguration leading to a problem.)

Joshua.
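
The process model described in the reply above can be checked on a running host. This is an added example, not part of the original thread or the Apache project's code: it reads a process listing and confirms that only the parent runs as root, the request-handling children run as the configured User, and anything else the parent launched (such as a piped log program) is listed for review. The function name `audit_httpd`, the `httpd`/`apache` names passed to it, and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Input on stdin: "USER PID PPID COMMAND [ARGS...]", one process per line,
# e.g. from:  ps -e -o user= -o pid= -o ppid= -o args=
# $1 = server command name, $2 = unprivileged user from the User directive.
# Exit status is non-zero if a request-handling child is not running as $2.
audit_httpd() {
    awk -v srv="$1" -v want="$2" '
    function base(path,   k, parts) { k = split(path, parts, "/"); return parts[k] }
    { user[$2] = $1; ppid[$2] = $3; cmd[$2] = base($4); pids[++n] = $2 }
    END {
        # Parent = a server process whose own parent is not the server.
        for (i = 1; i <= n; i++) {
            p = pids[i]
            if (cmd[p] == srv && cmd[ppid[p]] != srv) isparent[p] = 1
        }
        for (i = 1; i <= n; i++) {
            p = pids[i]
            if (!(ppid[p] in isparent)) continue
            if (cmd[p] != srv) {
                # Helper started by the parent (e.g. a piped logger).
                printf "REVIEW %s %s runs as %s (started by parent %s)\n", p, cmd[p], user[p], ppid[p]
            } else if (user[p] == want) {
                workers[ppid[p]]++
            } else {
                printf "FAIL %s %s runs as %s, expected %s\n", p, cmd[p], user[p], want
                fail = 1
            }
        }
        for (i = 1; i <= n; i++) {
            p = pids[i]
            if (p in isparent) printf "parent %s user=%s workers=%d\n", p, user[p], workers[p]
        }
        exit fail
    }'
}

# Constructed sample listing (not captured from a real system).
sample_ps() {
    cat <<'EOF'
root     1   0 /sbin/init
root   812   1 /usr/sbin/httpd -k start
apache 813 812 /usr/sbin/httpd -k start
apache 814 812 /usr/sbin/httpd -k start
root   815 812 /usr/sbin/rotatelogs /var/log/httpd/access_log 86400
EOF
}

sample_ps | audit_httpd httpd apache
```

A `REVIEW` line is not a failure by itself; it marks a program that inherited the parent's privileges, which is where the configuration deserves a second look.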

