You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/07/08 02:22:01 UTC

Re: inetd most secure?

That makes no sense unless you add in "run it from inetd as a user other
than root". 

But we could achieve a similar "level of security" by providing a -P
command switch which passes in an already open socket (can be repeated).
Then write a setuid wrapper which opens the socket, becomes a non-root
user, and launches httpd -P <socket_fd>.  This is how inn runs. 

Dean

On Mon, 7 Jul 1997, Brian Behlendorf wrote:

> In http://www.apache.org/docs/mod/core.html#servertype we say:
> > SECURITY: if you are paranoid about security, run in inetd mode. Security  
> > cannot be guaranteed in either, but whilst most people are happy to use 
> > standalone, inetd is probably least prone to attack.
> 
> What logic is this comment based on?
> 
> 	Brian
> 
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Why not?" - TL                brian@organic.com - hyperreal.org -
> apache.org
>