httpd-dev mailing list archives

From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Oops explained
Date Wed, 10 Jul 1996 16:29:57 GMT
>   As a matter of interest, what technique are you using in the end to soothe
>   our security fears?
> 
> FWIW, the child_check stuff in apache-XX is intended to help with this
> sort of thing (it leaves the child's PID in a mode 644 file owned by root,
> which only a privileged process could have written, as an authenticator
> --- the server opens this file while running privileged, keeps write access
> when it drops privileges, but closes the file before exec(); --- the end
> effect is, hopefully, that these notes can only be faked by an attacker who
> either can write a root-owned file (and presumably has better things to do
> with that ability), or who can subvert the server completely).
> 
> Has anyone looked at this stuff?
> 
> rst

I remember you mentioning this and had plans to look at this.
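
The scheme described in the quoted message, sketched in C as an added example (not part of the original message and not Apache's code). The function names and the `trusted_uid` parameter are assumptions: in the scheme as described the trusted owner is root (uid 0), and it is a parameter here only so the check can be exercised without privileges.

```c
/* Added illustration; all function names here are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Privileged side: create the note file and keep a write descriptor that
 * survives the later drop of privileges but is closed across exec(). */
int note_open(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    /* Force mode 0644 regardless of umask; set close-on-exec so programs
     * the server exec()s never inherit write access to the note. */
    if (fchmod(fd, 0644) < 0 || fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Unprivileged side: record the child's PID through the retained fd. */
int note_write_pid(int fd, pid_t pid)
{
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    if (ftruncate(fd, 0) < 0 || lseek(fd, 0, SEEK_SET) < 0) return -1;
    return write(fd, buf, (size_t)n) == n ? 0 : -1;
}

/* Verifier: accept the note only if it is a regular file owned by
 * trusted_uid (0 in the scheme), mode exactly 0644, and it names pid. */
int note_verify(const char *path, uid_t trusted_uid, pid_t pid)
{
    struct stat st;
    char buf[32] = {0};
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
             st.st_uid == trusted_uid && (st.st_mode & 07777) == 0644 &&
             read(fd, buf, sizeof buf - 1) > 0 &&
             strtol(buf, NULL, 10) == (long)pid;
    close(fd);
    return ok;
}
```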