httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: SCO C2 security+inetd showstopper
Date Fri, 17 Nov 1995 20:43:33 GMT
Ben, I don't know much about SCO, but under SunOS, inetd runs the
command (e.g., httpd), with a uid given in inetd.conf.  Unless that
user is root, this is not a problem.  In fact, Apache currently
doesn't even try to reset its uid if run in inetd mode, for this
reason --- neither did NCSA 1.3.

So, I would only see a problem here that needs to be fixed if SCO's
inetd *insists* on running httpd as root, and doesn't give you any
other options.  If it doesn't, then jumping through hoops to reset the
uid is unnecessary (and would fail anyway, on a sensibly configured


View raw message